[cisco-bba] TCP and PPPoE problems with one type of CPE

Robert Blayzor rblayzor at inoc.net
Sat Jun 23 11:59:40 EDT 2007

We recently upgraded all of our Cisco 7200 broadband routers to NPE-G2's
and some NPE-G1's.  The code train we're using is 12.2SB.

In all of our moves/upgrades, everything has gone extremely well.

We have however run into one problem on one particular type of client.
A Zywall5 firewall.

For whatever reason this box will connect/auth fine, it passes ICMP,
UDP, and ESP traffic just fine, but TCP is completely sporadic or
doesn't work at all.  MTU/MSS issue?  Well maybe.

We have thousands of other customers both with MSS adjusted and non-MSS
adjusted connections and all works well.  We've tried adjusting the MSS
and not for the Zywalls without any luck at all.

What's weird is that when the Zywall first connects it appears to work
fine for just a little while, then hoses up again.

Traffic through the unit (non-TCP) works fine.  Even if you browse to
the unit from the Internet to the management web interface on the public
IP, it just hangs up (most of the time).

Even if you try the CLI from telnet on the public side it just hangs.
(it works ok via its VPN connection however)

We have one customer who has a dozen of these things deployed.  They
claim they worked fine on our old routers (pre 12.2SB) and just stopped
working after the upgrades.  Keep in mind, this is the only one with the
issue.  Even our packet captures show TCP acks make it to the
Zywall, but then the Zywall just fails to respond.

Just curious if anyone else has run into a similar problem.  Zyxel
doesn't seem to be much help and the customer claims they've got the
latest firmware.

Robert Blayzor
rblayzor at inoc.net

