1. Home
  2. Cisco Systems
  3. Problem accessing www.microsoft.com

Problem accessing www.microsoft.com

I have a very strange problem.

I have a Cisco 837. It connects to a normal UK BT wholesale ADSL service.

I am using NAT. I have several PC's connected on the LAN, some are wireless using a 3rd party WAP.

The problem is that only 1 PC can browse to

formatting link
All other web sites are unaffected.

I have checked and recehcked the access lists. I have removed firewall rules. Nothing has worked.

The only thing that makes me think that this is related to the Cisco router is that if I swap it for a Checkpoint device all the other PC's can see microsoft.com

Please help.....

Reply to
""tim"
Loading thread data ...

paste your nat config.

Flamer.

Reply to
die.spam

OK. Nat config follows. I have 3 subnets as I hae been experimenting but the same problem for all 3 subnets (just 1 PC can see microsoft.com). I have also tried reducing the MTU as low as 64 bytes with no improvement.

Tim.

interface Ethernet0 ip address 192.168.70.254 255.255.255.0 secondary ip address 192.168.101.254 255.255.255.0 secondary ip address 192.168.69.254 255.255.255.0 ip nat inside

interface Dialer0 mtu 1492 bandwidth 597 ip address negotiated ip access-group 105 in ip nat outside

access-list 69 permit 192.168.69.0 0.0.0.255 access-list 69 permit 192.168.70.0 0.0.0.255 access-list 69 permit 192.168.101.0 0.0.0.255

ip nat inside source list 69 interface Dialer0 overload

flamer snipped-for-privacy@hotmail.com wrote:

Reply to
""tim"

Reply to
""tim"

I'd be thinking along these lines ...

What error messages are produced on the other PCs when they try to access

formatting link

Can all the PCs retrieve a web page from http://207.46.19.254/ What do you see when you type nslookup

formatting link
on the "good" PC and on one of the "bad" PCs?

How does the "good" PC differ from the others - does it have a static IP address and DNS settings whilst the others use DHCP? Does it have something interesting in C:\\WINDOWS\\system32\\drivers\\etc\\hosts

etc.

Reply to
Ian Wilson

Interesting ideas but I've already been there.

I maybe getting closer though.

Cisco-837#sh ip inspect sessions | include 207.46.19.254 Session 8242EE1C (192.168.101.13:4504)=>(207.46.19.254:80) tcp SIS_OPEN Session 8242A81C (192.168.69.16:49331)=>(207.46.19.254:80) tcp SIS_OPEN Session 8242C89C (192.168.101.13:4500)=>(207.46.19.254:80) tcp SIS_OPEN

This shows 1 PC that doesn't work trying to use the same TCP socket to get the reditected web page (/en/us/default.aspx) whereas the working PC (192.168.101.13) uses 2 TCP sockets and successfully retrieves the page. Could the router be ending 1 session?

Ian Wils> dot wrote:

Reply to
""tim"

More news.

I have now fixed it.

I have changed the TCP MSS on the router LAN interface to 1455. All works now.

Any ideas why MS fails to negotiate an MSS whilst other sites manage?

T.

dot wrote:

Reply to
""tim"

whats the MTU set to?

#dot wrote:

Reply to
Kevin Wincott

Reply to
Kevin Wincott

nice idea but that was my first thing to try. I reduced MTU all the way down to 500. For some reason MSS is the only thing that seems to do it.

I may investigate if some ICMP packets are makeing path MTU discovery fail.

Kev> oops just seen it, trying using 1458

Reply to
""tim"

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.