Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

cannot access .asp pages on web server

Status
Not open for further replies.

ifconf

IS-IT--Management
Nov 15, 2004
28
GB
Hi. I have a Windows 2003 server running IIS which sits behind a Checkpoint FW which in turn connects to he internet using a Cisco 837 ADSL router. I have removed all access lists from the Cisco and I am not doing any NATing on the Cisco, all NATing is done on the Checkpoint. The problem that I have is that I cannot access any .asp pages on the web server from outside, from within the network I am able to access all pages on the web site. I have isolated cause of the problem by plugging a laptop into the WAN interface of the checkpoint, I am able to connect to all pages including .asp pages. If I connect via the Cisco only html and htm pages load into the browser, .asp pages never load and all the browser says is "done" in the bottom left. So it seems that the Cisco is doing something, or not doing something that is causing these pages to never be loaded. Please.....Help....I'm going mad here..
Any ideas, suggestions would be greatly apprectiated. Thanks in advance.
 
Did you try this?

PC---Cisco 837---Web Server

Try to access the web server without the firewall.
 
I have solved this problem if anyone has the same problem. I was the Cisco router causing the problem, and the cause and solution was as follows;

PPPoE standard supports an MTU of only 1492 bytes. The disparity between the host and PPPoE MTU size can cause the router in between the host and the server to drop 1500-byte packets and terminate TCP sessions over the PPPoE network. Even if the path MTU (which detects the correct MTU across the path) is enabled on the host, sessions may be dropped because system administrators sometimes disable the ICMP error messages that must be relayed from the host in order for path MTU to work.

The ip tcp adjust-mss command helps prevent TCP sessions from being dropped by adjusting the MSS value of the TCP SYN packets and is effective only for TCP connections passing through the router.

On my configuration I had an mtu size of 1452 (the default)

interface Dialer0
description $FW_OUTSIDE$
ip address negotiated
ip mtu 1452 <----

So I set the mss command to 1492 and checked connectivity for .asp files

The command was applied like this:

ip tcp adjust-mss 1412
 
i set my pppoe connection to:

mtu 1492
ip tcp adjust-mss 1452
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top