Cisco 2620 with second gateway.............................ALL HELPAPPRECIATED!!!

Discussion in 'Cisco' started by rickiez, Oct 27, 2004.

  1. rickiez

    rickiez Guest

    I have 8 remote sites connected to a main site via frame relay on a
    Cisco 2620. The main office also has a Global Technologies GNATBOX
    firewall that provides access to 3rd party internet access. The company
    IP scheme is RFC1918 reserved 10.x.x.x, and the DMZ is 172.16.x.x. There
    is a mail server on the DMZ. The connection from the LAN to the DMZ is
    Nat'd. All workstations in the main office point to the cisco 2620 as
    the default gateway and if the main office traffic needs to access the
    internet or the DMZ the Cisco issues an ICMP redirect to update the
    client's routing table and the clients try accessing the mail server
    through the firewall directly. The clients at the main branch recieve
    intermittent timeout issues when pulling or sending mail. When I
    analyzed the network traffic it appears that the packet from the router
    with the "Syn" packet set makes it. The mail server responds to the Syn
    with an "Ack". The workstation then tries to respond on its own, but it
    seems the mail server never gets it and issues a Reset. If I set the
    firewall as the default gateway it can access the mail server fine. It
    seem to only be after the router issues the redirect to the client and
    the client tries on its own. Any/all help is greatly
    appreciated..............thanks!!
     
    rickiez, Oct 27, 2004
    #1
    1. Advertisements

  2. once had a similar prob, cause by old and buggy IOS (11.something)
    Which lead to no ICMP redirect were sent.
    try a debug icmp on the router, and see if that makes any sense, and if it
    sends all of them.
    There is something about the rate of icmp redirects and also for how long
    the clients remember these.

    fx: the router issue a redirect to client and remembers that its just sent
    once, hence will not sent immidiately again to that client.

    try upgarde IOS if possible. Try a higher arp cache timeout on the clients,
    you can set this option via fx dhcp option.

    hth
    Martin
     
    Martin Bilgrav, Oct 27, 2004
    #2
    1. Advertisements

  3. rickiez

    rickiez Guest

    How would I adjust the arp cache timout on Windows clients?
     
    rickiez, Oct 27, 2004
    #3
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.