«

Hi,

I configured a Cisco 1605 to do the internet access (adsl, 2M/128k) for our
network with nat.
The problem is, that some internet addresses could NOT be reached, like
www.map24.com, www.schlueter.de.
Others can be reached (www.bechtle.de).

At the moment I have no idea, whats the problem. I tried to unbind the
access-list from the extenal network, but it didn't helps. I updated the IOS
to the latest version, but no change.

Any suggestions?

Ruediger

--
Visit our homepage: http://www.familie-kasten.de


Here is my config:
------------------ show version ------------------

Cisco Internetwork Operating System Software
IOS (tm) 1600 Software (C1600-K8OSY-M), Version 12.3(10), RELEASE SOFTWARE
(fc3)
Copyright (c) 1986-2004 by cisco Systems, Inc.
Compiled Tue 17-Aug-04 01:09 by kellythw
Image text-base: 0x02005000, data-base: 0x02E0662C

ROM: System Bootstrap, Version 11.1(12)XA, EARLY DEPLOYMENT RELEASE SOFTWARE
(fc1)
ROM: 1600 Software (C1600-RBOOT-R), Version 11.1(12)XA, EARLY DEPLOYMENT
RELEASE SOFTWARE (fc1)

dsl-router uptime is 16 minutes
System returned to ROM by power-on
System image file is "flash:c1600-k8osy-mz.123-10.bin"


cisco 1605 (68360) processor (revision C) with 23309K/1267K bytes of memory.
Processor board ID 12070401, with hardware revision 00000000
Bridging software.
X.25 software, Version 3.0.0.
2 Ethernet/IEEE 802.3 interface(s)
System/IO memory with parity disabled
8192K bytes of DRAM onboard 16384K bytes of DRAM on SIMM
System running from RAM
7K bytes of non-volatile configuration memory.
8192K bytes of processor board PCMCIA flash (Read/Write)

Configuration register is 0x2102


------------------ show running-config ------------------


Building configuration...

Current configuration : 3105 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname dsl-router
!
boot-start-marker
boot-end-marker
!
logging buffered 4096 debugging
enable password <removed>
!
username root password 0 <removed>
clock timezone MESZ 1
clock summer-time MESZ date Mar 26 2001 2:00 Oct 29 2001 2:00
no aaa new-model
ip subnet-zero
ip domain lookup source-interface Dialer1
ip domain name familie-kasten.loc
ip host linux 192.168.20.1
ip name-server 194.25.2.129
ip dhcp excluded-address 192.168.20.1 192.168.20.49
!
ip dhcp pool kasten
network 192.168.20.0 255.255.255.0
default-router 192.168.20.254
domain-name familie-kasten.loc
dns-server 194.25.2.129 192.168.20.1
lease 30
!
vpdn enable
!
vpdn-group pppoe
request-dialin
protocol pppoe
!
!
!
!
!
!
!
interface Ethernet0
no ip address
pppoe enable
pppoe-client dial-pool-number 1
no cdp enable
!
interface Ethernet1
description Connection to internal LAN
ip address 192.168.20.254 255.255.255.0
ip nat inside
no cdp enable
!
interface Dialer1
bandwidth 2000
ip address negotiated
ip access-group 100 in
ip mtu 1492
ip nat outside
encapsulation ppp
dialer pool 1
ppp authentication chap callin
ppp chap hostname <removed>
ppp chap password 0 <removed>
!
ip nat inside source list 1 interface Dialer1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
no ip http server
no ip http secure-server
!
access-list 1 permit 192.168.20.0 0.0.0.255
access-list 10 permit 192.168.20.0 0.0.0.255
access-list 100 remark DIALER1 INCOMING CONNETIONS
access-list 100 permit tcp any any established
access-list 100 permit udp any eq domain any
access-list 100 permit tcp host 213.169.131.2x any eq telnet
access-list 100 permit tcp host 213.169.131.2x any eq 22
access-list 100 permit icmp any any
access-list 100 permit udp host 192.73.48.1 any eq ntp
access-list 100 deny ip any any log
access-list 110 remark ** E1 INCOMING CONNECTIONS **
access-list 110 permit udp any any eq ntp
access-list 110 permit udp any any eq domain
access-list 110 permit tcp any any eq ftp
access-list 110 permit tcp any any eq smtp
access-list 110 permit tcp any any eq www
access-list 110 permit tcp any any eq 443
access-list 110 remark Configuration Access for Router
access-list 110 permit tcp 192.168.20.0 0.0.0.255 host 192.168.20.254 eq
telnet
access-list 110 permit tcp 192.168.20.0 0.0.0.255 host 192.168.20.254 eq 22
access-list 110 remark Ports for ICQ
access-list 110 permit tcp any any eq 5190
access-list 110 permit tcp any any established
access-list 110 permit tcp any any eq domain
dialer-list 1 protocol ip permit
no cdp run
!
!
line con 0
transport preferred all
transport output all
line vty 0 4
access-class 10 in
password <removed>
login
transport preferred all
transport input all
transport output all
!
ntp clock-period 17042356
ntp source Dialer1
ntp peer 192.73.48.1
end

I would try ip tcp adjust-mss 1452 on the dialer interface. The problem
is probably caused by a combination of pmtud being broken somewhere by an
acl and the additional overhead required by pppoe.

"Ruediger Kasten" <> wrote in message
news: om...
> Hi,
>
> I configured a Cisco 1605 to do the internet access (adsl, 2M/128k) for
> our
> network with nat.
> The problem is, that some internet addresses could NOT be reached, like
> www.map24.com, www.schlueter.de.
> Others can be reached (www.bechtle.de).
>
> At the moment I have no idea, whats the problem. I tried to unbind the
> access-list from the extenal network, but it didn't helps. I updated the
> IOS
> to the latest version, but no change.
>
> Any suggestions?
>
> Ruediger
>
> --
> Visit our homepage: http://www.familie-kasten.de
>
>
> Here is my config:
> ------------------ show version ------------------
>
> Cisco Internetwork Operating System Software
> IOS (tm) 1600 Software (C1600-K8OSY-M), Version 12.3(10), RELEASE SOFTWARE
> (fc3)
> Copyright (c) 1986-2004 by cisco Systems, Inc.
> Compiled Tue 17-Aug-04 01:09 by kellythw
> Image text-base: 0x02005000, data-base: 0x02E0662C
>
> ROM: System Bootstrap, Version 11.1(12)XA, EARLY DEPLOYMENT RELEASE
> SOFTWARE
> (fc1)
> ROM: 1600 Software (C1600-RBOOT-R), Version 11.1(12)XA, EARLY DEPLOYMENT
> RELEASE SOFTWARE (fc1)
>
> dsl-router uptime is 16 minutes
> System returned to ROM by power-on
> System image file is "flash:c1600-k8osy-mz.123-10.bin"
>
>
> cisco 1605 (68360) processor (revision C) with 23309K/1267K bytes of
> memory.
> Processor board ID 12070401, with hardware revision 00000000
> Bridging software.
> X.25 software, Version 3.0.0.
> 2 Ethernet/IEEE 802.3 interface(s)
> System/IO memory with parity disabled
> 8192K bytes of DRAM onboard 16384K bytes of DRAM on SIMM
> System running from RAM
> 7K bytes of non-volatile configuration memory.
> 8192K bytes of processor board PCMCIA flash (Read/Write)
>
> Configuration register is 0x2102
>
>
> ------------------ show running-config ------------------
>
>
> Building configuration...
>
> Current configuration : 3105 bytes
> !
> version 12.3
> service timestamps debug datetime msec
> service timestamps log datetime msec
> no service password-encryption
> !
> hostname dsl-router
> !
> boot-start-marker
> boot-end-marker
> !
> logging buffered 4096 debugging
> enable password <removed>
> !
> username root password 0 <removed>
> clock timezone MESZ 1
> clock summer-time MESZ date Mar 26 2001 2:00 Oct 29 2001 2:00
> no aaa new-model
> ip subnet-zero
> ip domain lookup source-interface Dialer1
> ip domain name familie-kasten.loc
> ip host linux 192.168.20.1
> ip name-server 194.25.2.129
> ip dhcp excluded-address 192.168.20.1 192.168.20.49
> !
> ip dhcp pool kasten
> network 192.168.20.0 255.255.255.0
> default-router 192.168.20.254
> domain-name familie-kasten.loc
> dns-server 194.25.2.129 192.168.20.1
> lease 30
> !
> vpdn enable
> !
> vpdn-group pppoe
> request-dialin
> protocol pppoe
> !
> !
> !
> !
> !
> !
> !
> interface Ethernet0
> no ip address
> pppoe enable
> pppoe-client dial-pool-number 1
> no cdp enable
> !
> interface Ethernet1
> description Connection to internal LAN
> ip address 192.168.20.254 255.255.255.0
> ip nat inside
> no cdp enable
> !
> interface Dialer1
> bandwidth 2000
> ip address negotiated
> ip access-group 100 in
> ip mtu 1492
> ip nat outside
> encapsulation ppp
> dialer pool 1
> ppp authentication chap callin
> ppp chap hostname <removed>
> ppp chap password 0 <removed>
> !
> ip nat inside source list 1 interface Dialer1 overload
> ip classless
> ip route 0.0.0.0 0.0.0.0 Dialer1
> no ip http server
> no ip http secure-server
> !
> access-list 1 permit 192.168.20.0 0.0.0.255
> access-list 10 permit 192.168.20.0 0.0.0.255
> access-list 100 remark DIALER1 INCOMING CONNETIONS
> access-list 100 permit tcp any any established
> access-list 100 permit udp any eq domain any
> access-list 100 permit tcp host 213.169.131.2x any eq telnet
> access-list 100 permit tcp host 213.169.131.2x any eq 22
> access-list 100 permit icmp any any
> access-list 100 permit udp host 192.73.48.1 any eq ntp
> access-list 100 deny ip any any log
> access-list 110 remark ** E1 INCOMING CONNECTIONS **
> access-list 110 permit udp any any eq ntp
> access-list 110 permit udp any any eq domain
> access-list 110 permit tcp any any eq ftp
> access-list 110 permit tcp any any eq smtp
> access-list 110 permit tcp any any eq www
> access-list 110 permit tcp any any eq 443
> access-list 110 remark Configuration Access for Router
> access-list 110 permit tcp 192.168.20.0 0.0.0.255 host 192.168.20.254 eq
> telnet
> access-list 110 permit tcp 192.168.20.0 0.0.0.255 host 192.168.20.254 eq
> 22
> access-list 110 remark Ports for ICQ
> access-list 110 permit tcp any any eq 5190
> access-list 110 permit tcp any any established
> access-list 110 permit tcp any any eq domain
> dialer-list 1 protocol ip permit
> no cdp run
> !
> !
> line con 0
> transport preferred all
> transport output all
> line vty 0 4
> access-class 10 in
> password <removed>
> login
> transport preferred all
> transport input all
> transport output all
> !
> ntp clock-period 17042356
> ntp source Dialer1
> ntp peer 192.73.48.1
> end

"PES" <NO*SPAMpestewartREMOVE**SUCK S> wrote in message news:<417bec67$>...
> I would try ip tcp adjust-mss 1452 on the dialer interface. The problem
> is probably caused by a combination of pmtud being broken somewhere by an
> acl and the additional overhead required by pppoe.

Hi,

thank you, this solves my problem. Now it seems that I can reach every webserver.

Ruediger