Intermittent connectivity problems with cisco 1811

Status
Not open for further replies.

overmodulation

Programmer
Oct 16, 2007
US
Hello,

I recently configured and installed a cisco 1811 router at the office.

It works great except when I try to access some web sites (i.e. gmail, amazon, etc). Sometimes I can get to these sites fine and other times I can't at all. Meanwhile I have no issues at all accessing other sites.

Has anyone encountered this or something similar?

I don't have the firewall capabilities enabled in the router at all. I simply have a DSL coming into FastEthernet0 and a VLAN coming out into a switch and in turn to a few computers.
 
When you say that gmail and a couple of other sites "come and go", do they partially load, but never all the way? If so, does hitting the refresh button a few times take care of it? If they only partially load, can you do me a favor and try cisco.com and usbank.com? These two sites (Cisco every time) were sites I had trouble like this with, until I lowered my MTU. Do these sites come and go on all computers, or just one? There is a utility called Dr TCP found here


Try tweaking the mtu on the pc you are using to get to these sites, and lower MTU to 1452 on the pc, and
ip mtu 1452
ip tcp adjust-mss 1412
See if those tweaks help. You said that 1452 mss (max segment size) and 1492 mtu (max transmission unit) fixed it...did it fix it, but the problems came back? Routing is not the problem here, if the pages on just a few sites never load all the way. Is this the symptom you are experiencing?
Have a great weekend, and don't forget to change the clocks back...

Burt
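
Added example (not part of the thread and not any poster's code): a Python script that measures the path MTU behind the "pages only partially load" symptom discussed above and derives the two interface values quoted in the post. It assumes Linux iputils `ping` (`-M do` sets Don't Fragment); `ping_df`, `find_path_mtu`, `router_lines` and `simulated_link` are hypothetical names, and the simulated link is constructed so the script also runs offline.

```python
import subprocess

IP_HDR, ICMP_HDR, TCP_HDR = 20, 8, 20  # IPv4/ICMP/TCP header sizes, no options

def ping_df(host, payload):
    """Send one ICMP echo with Don't Fragment set (assumes Linux iputils ping)."""
    cmd = ["ping", "-c", "1", "-W", "2", "-M", "do", "-s", str(payload), host]
    return subprocess.run(cmd, capture_output=True).returncode == 0

def find_path_mtu(probe, lo=576, hi=1500):
    """Binary-search the largest IP packet size that passes unfragmented.

    probe(payload) -> bool says whether an echo carrying that many ICMP
    payload bytes was answered. Returns None if even the smallest size fails.
    """
    if not probe(lo - IP_HDR - ICMP_HDR):
        return None
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if probe(mid - IP_HDR - ICMP_HDR):
            lo = mid          # mid fits, so the answer is mid or larger
        else:
            hi = mid - 1      # mid was dropped, so the answer is smaller
    return lo

def router_lines(mtu):
    """IOS interface commands of the kind quoted in the post, for this MTU."""
    return [f"ip mtu {mtu}", f"ip tcp adjust-mss {mtu - IP_HDR - TCP_HDR}"]

def simulated_link(path_mtu):
    """Constructed stand-in for a path that silently drops oversized packets."""
    return lambda payload: payload + IP_HDR + ICMP_HDR <= path_mtu

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:     # real probe against the host given on the command line
        probe = lambda size: ping_df(sys.argv[1], size)
    else:                     # offline demo with a constructed 1452-byte path
        probe = simulated_link(1452)
    mtu = find_path_mtu(probe)
    print("path MTU:", mtu)
    if mtu:
        print("\n".join(router_lines(mtu)))
```
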
 
Hey Burtsbees,

Yep that's exactly the symptom I'm experiencing.

Cisco.com and most others, including my bank, load properly.

It's gmail that seems to give me the most trouble, and I keep that browser tab open all day usually.

I printed this thread out so I could go through it better. I've tried a few of the things and the router seems to be behaving nicely right now.

I won't breathe near it or anything haha.
 
You guys rock!

First I shutdown fa1 until I get it up and running. I also removed the route 0.0.0.0 0.0.0.0 int fa1.

Then I changed my default route on fa0 to the gateway address of the ADSL link instead of the interface itself.

So far so good.

Now I need to figure out how to load balance my two ADSL links and then get my ASA 5510 up and running.

If I post a diagram of my proposed network layout, would y'all be willing to take a look?
 
Thanks Burt.

OHMG_Network_110707.jpg
 
Is the T1 the main line, and do you want to use the two adsl lines as backups? Or are you using all 3?

Burt
 
I'd like to use the ADSLs for internet access. Incoming app server requests come in on all three too.
 
Do you want to bundle the adsl lines, or load balance? By default, they load balance.

Burt
 
I'd like to load balance them. I was going to try that next once I make sure the config I have for the 1811 is good to go. It appears to be now after all your and others' help.

Can I have an outside interface on my ASA 5510 with the address 192.168.1.2 (connected to the 1811, which is 192.168.1.1)? I have that currently and don't have any internet access. I think I'm missing a route somewhere in my ASA 5510 but when I try to put one in it gives me an error.

I didn't realize that the IOS 12.x and ASA Software 7.0 were so different!
 
I still can't get to the internet from the asa. I have it coming from the 1811 (Outside2). The T1 is not hooked up. I have it shutdown. I can ping the ADSL IP and hosts on the 192.168.1.x network through the ASA CLI. I cannot ping hosts on 192.168.1.x from the test computer though (192.168.2.x).

Code:
: Saved
:
ASA Version 7.0(7)
!
hostname ohmgciscoasa
domain-name myDomain.com
enable password O.Uruh/R3Etxgveu encrypted
names
dns-guard
!
interface Ethernet0/0
 description T1
 nameif Outside1
 security-level 0
 ip address x.x.x.x 255.255.255.248
!
interface Ethernet0/1
 description connection coming from 1811 router, which load balances 2 ADSL links
 nameif Outside2
 security-level 0
 ip address 192.168.1.2 255.255.255.0
!
interface Ethernet0/2
 nameif Inside
 security-level 100
 ip address 192.168.2.1 255.255.255.0
!
interface Ethernet0/3
 nameif DMZ
 security-level 0
 ip address 10.30.30.1 255.255.255.0
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.3.1 255.255.255.0
 management-only
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
clock timezone CST -6
clock summer-time CDT recurring 1 Sun Apr 2:00 last Sun Oct 2:00
dns domain-lookup management
dns domain-lookup Outside2
dns domain-lookup Inside
dns name-server 4.2.2.1
dns name-server 4.2.2.2
same-security-traffic permit inter-interface
pager lines 24
logging enable
logging asdm informational
mtu management 1500
mtu Outside2 1500
mtu Inside 1500
mtu Outside1 1500
mtu DMZ 1500
no failover
asdm image disk0:/asdm-507.bin
no asdm history enable
arp timeout 14400
nat-control
global (management) 1 interface
global (Inside) 2 interface
nat (management) 0 0.0.0.0 0.0.0.0
nat (Inside) 0 0.0.0.0 0.0.0.0
route Outside2 0.0.0.0 0.0.0.0 192.168.1.1 1
route Outside1 0.0.0.0 0.0.0.0 x.x.x.x 2
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
username OhMyGoodness password FxkiJ6Kif5q3W.ja encrypted privilege 15
http server enable
http 192.168.3.0 255.255.255.0 management
http 192.168.2.0 255.255.255.0 Inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.2.101-192.168.2.250 Inside
dhcpd dns 192.168.1.11 4.2.2.1
dhcpd lease 3600
dhcpd ping_timeout 50
dhcpd domain myDomain.com
dhcpd auto_config management
dhcpd enable Inside
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
Cryptochecksum:d110c833f2d19ed1cc855175840d39b9
: end
 