Thanks all, it looks like it was an issue with the MTU size after all. I put the tcp-adjust MSS and lowered the MTU on the interface and it fixed the issue..
Sidney On Fri, Jul 2, 2010 at 8:33 AM, George Roman <[email protected]> wrote: > Hi Sidney, > > Could you maybe have asymetric routing and some statefull firewall > somewhere? I see ping is working fine to you that is why i was thinking of > that. > > Regards, > George > > > On Fri, Jul 2, 2010 at 5:04 AM, Sidney Spencer <[email protected]> wrote: > >> Hello all, >> >> >> I have run into an issue that I am having the hardest time trying to >> figure >> out what it is. Here is what is happening: >> >> I have a 2801 Router with and ASDL wic installed in it. There is >> currently >> 3 site to site VPN's configured, and basic routing, and PAT. What is >> happening is every time a user behind this router tries to access the >> internet (going to a site www.yahoo.com or facebook etc) it basically >> sits >> there and just continues to load and take forever but never comes up, if I >> go to www.google.com that has no images to load it comes up really quick >> with no issue. Here is a kicker, if I try to load a web page on internal >> site on the other side of the tunnel everything comes up as normal with no >> problems, the issue is only when I try to access external websites from >> that >> location. I am able to ping and telnet to port 80 with no problems. I >> thought it was a fragmentation issue, so I changed MTU and MSS as low as >> 1200 and the problem still persists. Has anyone else seen this issue? I >> found the issue on the internet but have not seen where anyone has come up >> with a fix for it, so I thought I would see if anyone here may have seen >> this issue and resolved? >> >> The configuration is pretty basic (snippits) >> >> F0/0 - Shutdown >> ! >> interface FastEthernet0/1 >> description $ES_LAN$ >> ip address 192.168.90.1 255.255.255.0 >> ip nat inside >> ip virtual-reassembly >> duplex auto >> speed auto >> >> interface ATM0/3/0 >> no ip address >> no ip mroute-cache >> no atm ilmi-keepalive >> dsl operating-mode auto >> hold-queue 224 in >> ! >> interface ATM0/3/0.1 point-to-point >> pvc 8/32 >> encapsulation aal5snap >> pppoe-client dial-pool-number 1 >> ! >> ! >> interface Dialer1 >> ip address negotiated >> ip nat outside >> ip virtual-reassembly >> encapsulation ppp >> dialer pool 1 >> dialer-group 1 >> no cdp enable >> ppp authentication chap pap callin >> ppp chap hostname xxxxxxxxx >> ppp chap password 0 xxxxxxxx >> ppp pap sent-username xxxxxxxxxx password 0 xxxxxxxxx >> >> ip route 0.0.0.0 0.0.0.0 Dialer1 >> >> ip nat inside source route-map internet_nat interface Dialer1 overload >> >> >> ADSL is used because that is the only option in the location in which this >> router is located. Any ideas on where I should be looking is much >> appreciated, the next step for me is to probably open a TAC case but >> wanted >> to get others thoughts first.. >> >> >> Sid >> >> > > > -- > George Roman > CCIE #24235 > JNCIE-M #497 >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
