Strange routing problem - Replacing Westell with 1760...
Hi Everyone,
I'm trying to replace a westell 7500 dsl modem with a 1760 Router that has a WIC1-ADSL card in it. The connection is now stable and I can now ping outside IP addresses from the router and from internal clients.
However, and this is STRANGE, only certain websites are pulling up. For example, I'm able to pull up google and gmail, but not techexams's website. I can ping it from both the router/client and the browser is stating "Website found. Waiting for reply..." but it never pulls up.
I'm doing nat with overload and can view the nat translations with
show ip nat translations
I'm replacing a westell 7500 dsl modem/router which works just fine.
When I remove the Cisco and put the westell back in place, all pages pull up and everything is fine.
I feel as if I'm missing something small here... I'm not running any routing protocols.
If you have a moment to glance at the running config below, I would GREATLY appreciate it.
Thanks in advance for your time and consideration.
Your Cisco friend,
Paul L.
============================================================
R5#
show run
Building configuration...
Current configuration : 3467 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R5
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
voice-card 2
!
voice-card 3
!
ip subnet-zero
ip cef
!
!
!
!
ip name-server 68.238.112.12
ip name-server 68.238.96.12
!
!
!
!
!
!
!
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-1806493643
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1806493643
revocation-check none
rsakeypair TP-self-signed-1806493643
!
!
crypto pki certificate chain TP-self-signed-1806493643
certificate self-signed 01
3082023B 308201A4 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31383036 34393336 3433301E 170D3037 30313035 32333332
35305A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 38303634
39333634 3330819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100CF35 9086EEE7 4E766946 F9D130A8 CC15AEAF 29C0E840 B15EA78D 2CC1E2E0
806C77FD E1D09734 EFF2DA8D 2BA7C096 D6320D7B 9F8616F9 CC9F8CDE 383AC64A
C602EDB6 4636AB1E C06E5F44 20DB7328 866CA8D2 58022E4C 255332C7 A2706611
B0938428 A26F7928 818AFDCF 6CF6AA06 74018B9B ED6A5A42 719188D7 D217FAFA
D3A90203 010001A3 63306130 0F060355 1D130101 FF040530 030101FF 300E0603
551D1104 07300582 0352352E 301F0603 551D2304 18301680 142AF517 FEBC5207
97D6AC4C E5775022 B415A901 FD301D06 03551D0E 04160414 2AF517FE BC520797
D6AC4CE5 775022B4 15A901FD 300D0609 2A864886 F70D0101 04050003 81810045
FF3A9C03 C90DA928 61891749 C813E94E 9C78778C 1A10CA41 6F36761C A22482BA
121C6401 B0F54C25 FC2799BE A6A47B64 5A0EDC87 6928425F 2ED43E34 F48587E2
92ABDBEA 8D3C7F6C F49F243B 8522B099 79CDE1DD 5B7B91FD C7F19C9B F3EFD4E2
682AB831 96856F33 A71FC2CC 207116D0 EB87DE19 D1853AA3 84807B40 497225
quit
!
!
!
!
!
!
interface ATM0/0
mac-address 0023.9782.a672
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
dsl enable-training-log
hold-queue 224 in
!
interface ATM0/0.1 point-to-point
pvc 0/35
vbr-nrt 128 128 1
pppoe-client dial-pool-number 1
!
!
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
speed auto
!
interface Dialer1
ip address negotiated
ip mtu 1370
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap callin
ppp chap hostname newdsl
ppp chap password 0 newdsl1
ppp pap sent-username unxxxx password 0 pwxxxx
ppp ipcp dns request
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
!
ip dns server
!
ip http server
ip http secure-server
ip nat inside source list 10 interface Dialer1 overload
!
access-list 10 permit any
!
!
control-plane
!
!
!
voice-port 2/0
!
voice-port 2/1
!
voice-port 3/0
!
voice-port 3/1
!
!
!
!
!
!
banner motd ^CCCCCCC
*******************
PLEASE DONT LOGIN
*******************
^C
alias exec s show ip int br
!
line con 0
exec-timeout 0 0
privilege level 15
password 7 0xxxxxxx
logging synchronous
length 65
line aux 0
exec-timeout 0 0
password 7 0xxxxxxx
logging synchronous
login
line vty 0 4
exec-timeout 0 0
password 7 0xxxxxxx
logging synchronous
login
!
scheduler allocate 20000 1000
end
R5#
I'm trying to replace a westell 7500 dsl modem with a 1760 Router that has a WIC1-ADSL card in it. The connection is now stable and I can now ping outside IP addresses from the router and from internal clients.
However, and this is STRANGE, only certain websites are pulling up. For example, I'm able to pull up google and gmail, but not techexams's website. I can ping it from both the router/client and the browser is stating "Website found. Waiting for reply..." but it never pulls up.
I'm doing nat with overload and can view the nat translations with
show ip nat translations
I'm replacing a westell 7500 dsl modem/router which works just fine.
When I remove the Cisco and put the westell back in place, all pages pull up and everything is fine.
I feel as if I'm missing something small here... I'm not running any routing protocols.
If you have a moment to glance at the running config below, I would GREATLY appreciate it.
Thanks in advance for your time and consideration.
Your Cisco friend,
Paul L.
============================================================
R5#
show run
Building configuration...
Current configuration : 3467 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R5
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
voice-card 2
!
voice-card 3
!
ip subnet-zero
ip cef
!
!
!
!
ip name-server 68.238.112.12
ip name-server 68.238.96.12
!
!
!
!
!
!
!
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-1806493643
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1806493643
revocation-check none
rsakeypair TP-self-signed-1806493643
!
!
crypto pki certificate chain TP-self-signed-1806493643
certificate self-signed 01
3082023B 308201A4 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31383036 34393336 3433301E 170D3037 30313035 32333332
35305A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 38303634
39333634 3330819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100CF35 9086EEE7 4E766946 F9D130A8 CC15AEAF 29C0E840 B15EA78D 2CC1E2E0
806C77FD E1D09734 EFF2DA8D 2BA7C096 D6320D7B 9F8616F9 CC9F8CDE 383AC64A
C602EDB6 4636AB1E C06E5F44 20DB7328 866CA8D2 58022E4C 255332C7 A2706611
B0938428 A26F7928 818AFDCF 6CF6AA06 74018B9B ED6A5A42 719188D7 D217FAFA
D3A90203 010001A3 63306130 0F060355 1D130101 FF040530 030101FF 300E0603
551D1104 07300582 0352352E 301F0603 551D2304 18301680 142AF517 FEBC5207
97D6AC4C E5775022 B415A901 FD301D06 03551D0E 04160414 2AF517FE BC520797
D6AC4CE5 775022B4 15A901FD 300D0609 2A864886 F70D0101 04050003 81810045
FF3A9C03 C90DA928 61891749 C813E94E 9C78778C 1A10CA41 6F36761C A22482BA
121C6401 B0F54C25 FC2799BE A6A47B64 5A0EDC87 6928425F 2ED43E34 F48587E2
92ABDBEA 8D3C7F6C F49F243B 8522B099 79CDE1DD 5B7B91FD C7F19C9B F3EFD4E2
682AB831 96856F33 A71FC2CC 207116D0 EB87DE19 D1853AA3 84807B40 497225
quit
!
!
!
!
!
!
interface ATM0/0
mac-address 0023.9782.a672
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
dsl enable-training-log
hold-queue 224 in
!
interface ATM0/0.1 point-to-point
pvc 0/35
vbr-nrt 128 128 1
pppoe-client dial-pool-number 1
!
!
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
speed auto
!
interface Dialer1
ip address negotiated
ip mtu 1370
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap callin
ppp chap hostname newdsl
ppp chap password 0 newdsl1
ppp pap sent-username unxxxx password 0 pwxxxx
ppp ipcp dns request
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
!
ip dns server
!
ip http server
ip http secure-server
ip nat inside source list 10 interface Dialer1 overload
!
access-list 10 permit any
!
!
control-plane
!
!
!
voice-port 2/0
!
voice-port 2/1
!
voice-port 3/0
!
voice-port 3/1
!
!
!
!
!
!
banner motd ^CCCCCCC
*******************
PLEASE DONT LOGIN
*******************
^C
alias exec s show ip int br
!
line con 0
exec-timeout 0 0
privilege level 15
password 7 0xxxxxxx
logging synchronous
length 65
line aux 0
exec-timeout 0 0
password 7 0xxxxxxx
logging synchronous
login
line vty 0 4
exec-timeout 0 0
password 7 0xxxxxxx
logging synchronous
login
!
scheduler allocate 20000 1000
end
R5#
Comments
-
networker050184 Mod Posts: 11,962 ModIf you can ping then I doubt its any kind of routing issue. Are you sure DNS is resolving correctly? Could be something with MTU also.An expert is a man who has made all the mistakes which can be made.
-
mikej412 Member Posts: 10,086 ■■■■■■■■■■Don't have time to look at the config, but I'll just ask what your arp cache looks like -- are you're using an interface as your default route next hop (forcing you to arp for all external addresses) or are you using a next hop IP?:mike: Cisco Certifications -- Collect the Entire Set!
-
vinbuck Member Posts: 785 ■■■■□□□□□□I've actually seen the scenario you're talking about caused by MTU issues with ADSL. Specifically when using a cisco adsl router and hardcoding the MTU to be different than provider recommends.
Try the no ip mtu under the dialer int and see how you do ( if I remember correctly, this is a default command and won't show up in the running config)
interface Dialer1
ip address negotiated
no ip mtu
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap callin
ppp chap hostname newdsl
ppp chap password 0 newdsl1
ppp pap sent-username unxxxx password 0 pwxxxx
ppp ipcp dns requestCisco was my first networking love, but my "other" router is a Mikrotik... -
/usr Member Posts: 1,768 ■■■□□□□□□□So if your clear your DNS cache on a client and ping any website, you can accurately resolve the IP, but when you try to surf to some pages, it just times out?
That's weird...?
I ran into similar issues lately, but I was using an ASA 5505 and Westell DSL modems, not an ADSL WIC. -
vinbuck Member Posts: 785 ■■■■□□□□□□So if your clear your DNS cache on a client and ping any website, you can accurately resolve the IP, but when you try to surf to some pages, it just times out?
That's weird...?
I ran into similar issues lately, but I was using an ASA 5505 and Westell DSL modems, not an ADSL WIC.
This is a very common problem on PPPoE DSL Networks when using a device that isn't configured to automatically determine the MTU (PATH MTU). The problem is due to the overhead involved with network transport that chops down the available MTU size.
Here is a decent summary of why it happens..
PPPoE: Problems with resolving DNS and general connectivity. Its your MTU! Cisco Forum FAQ | DSLReports.com, ISP InformationCisco was my first networking love, but my "other" router is a Mikrotik... -
ptlinva Member Posts: 125Mississippi Guardsman... you are the BOMB!
You can definately tell that you are a DSL guy!
The two commands that fixed all my issues were...
no ip mtu
setting on the dialer interface
...and the command...
ip tcp adjust-mss 1440
on the LOCAL ETHERNET CONNECTION.
The link you posted for...
PPPoE: Problems with resolving DNS and general connectivity. Its your MTU! Cisco Forum FAQ | DSLReports.com, ISP Information
was PERFECT!
Again, and I hate to sound redudant, but THANKS TO EVERYONE!
Your friend always,
Paul -
vinbuck Member Posts: 785 ■■■■□□□□□□Mississippi Guardsman... you are the BOMB!
You can definately tell that you are a DSL guy!
The two commands that fixed all my issues were...
no ip mtu
setting on the dialer interface
...and the command...
ip tcp adjust-mss 1440
on the LOCAL ETHERNET CONNECTION.
The link you posted for...
PPPoE: Problems with resolving DNS and general connectivity. Its your MTU! Cisco Forum FAQ | DSLReports.com, ISP Information
was PERFECT!
Again, and I hate to sound redudant, but THANKS TO EVERYONE!
Your friend always,
Paul
Glad you got your MTU issues cleared up. I had never seen that before until I worked on a customer that was using a Cisco DSL router instead of our SOHO DSL Gateway that we normally use and he was able to surf some pages but not others. I have learned so much since I started working on provider networks. It can be fun...but when they call you at 3 in the morning because some redneck decided to dig up your fiber with his tractor...it can really suck...but hey you learn either way. Glad we could help ya!Cisco was my first networking love, but my "other" router is a Mikrotik...