[c-nsp] Weird Web Browsing Issues On ADSL Circuit

Rick Ernst cnsp at shreddedmail.com
Thu Apr 29 14:05:16 EDT 2010


Transparent (or explicit) cache/proxy somewhere?  What happens if you
simulate an HTTP transaction via telnet?

On Thu, Apr 29, 2010 at 9:13 AM, Dominic <dominic at broadconnect.ca> wrote:

> Hi Everyone:
>
> I have an ADSL customer who uses a Cisco 1841 CPE for Bonded ADSL. Circuit
> has worked perfectly for the past year, but all of a sudden, out of
> nowhere, web browsing suddenly stopped working yesterday!
>
> Now, every other type of traffic - VPN, FTP, SMTP, PING, DNS, etc. - still
> works just fine! In fact, web browsing also works fine for the first ONE
> minute after the router is started. After one minute, all web browsing
> stops! Doesn't matter if you are going through NAT or not. Doesn't matter if
> you connect the entire LAN, or just one PC.
>
> Interesting... when I use a different CPE to terminate the circuit
> - Netopia - web browsing works just fine! But when I plug in the Cisco 1841, web
> browsing stops.
>
> No, defective hardware is ruled out. Already swapped the Cisco 1841.  And
> no, nothing has changed on the ISP side. And yes, there are many other
> customers on the same ADSL network who are using the exact same CPE
> configuration.
>
>
> Any ideas? Please help:   LNS-Side and CPE config below.
>
> Dominic
>
>
>
> LNS CONFIG
> vpdn-group Telco1-ADSL
> ! Default L2TP VPDN group
>  accept-dialin
>  protocol l2tp
>  ...
>  ip pmtu
>  ip mtu adjust
> -------------------
> interface Virtual-Template1
>  description Telco1-ADSL-STATIC
>  mtu 1492
>  ...
>  ip verify unicast reverse-path
>  ip tcp adjust-mss 1420
>  ...
>  ppp mtu adaptive
>  ppp multilink
> -----------------------
>
>
>
> CPE CONFIG
>
> shwo config config
> Using 4863 out of 196600 bytes
> !
>
> !
> version 15.0
> service tcp-keepalives-in
> service tcp-keepalives-out
> service timestamps debug datetime msec localtime show-timezone
> service timestamps log datetime msec localtime show-timezone
> service password-encryption
> service sequence-numbers
> !
> hostname xxxx
> !
> boot-start-marker
> boot system flash:c1841-ipbasek9-mz.150-1.M.bin
> boot-end-marker
> !
> logging buffered 51200
> logging console critical
> enable secret 5 XXXXX
> !
> no aaa new-model
> clock timezone est -5
> clock summer-time edt recurring
> dot11 syslog
> no ip source-route
> no ip gratuitous-arps
> ip icmp rate-limit unreachable 1000
> !
> !
> no ip dhcp use vrf connected
> ip dhcp excluded-address 192.168.1.1 192.168.1.20
> !
> ip dhcp pool LANSUBNET
>   network 192.168.1.0 255.255.255.0
>   dns-server X.X.X.X X.X.X.X
>   default-router 192.168.1.1
> !
> !
> ip cef
> no ip bootp server
> no ip domain lookup
> ip domain name XXXXX
> ip name-server XXXXX
> ip name-server XXXXX
> multilink bundle-name authenticated
> !
> license udi pid CISCO1841 sn FHK100350RD
> archive
>  log config
>  hidekeys
>  path ftp://XXXXX/cisco.customer.backups/XXXXX.runningconfig
>  write-memory
>  time-period 43200
> username XXXXX privilege 15 secret 5 XXXXX
> !
> !
> ip tcp synwait-time 10
> ip ftp username XXXXX
> ip ftp password 7 XXXXX
> ip ssh time-out 60
> ip ssh version 2
> !
>
> class-map match-all to.XXXVOIP.CLASS
>  description Traffic to XXXVOIP
>  match access-group 100
> class-map match-all from.XXXVOIP.CLASS
>  description Traffic From BCT VOIP
>  match access-group 101
> !
> !
> policy-map from.XXXVOIP.POLICY
>  class from.XXXVOIP.CLASS
>    priority percent 75
> policy-map to.XXXVOIP.POLICY
>  class to.XXXVOIP.CLASS
>    priority percent 75
> !
> !
> !
> !
> !
> interface FastEthernet0/0
>  description LAN Network
>  ip address 192.168.1.1 255.255.255.0
>  no ip redirects
>  no ip unreachables
>  no ip proxy-arp
>  ip nat inside
>  no ip virtual-reassembly
>  duplex auto
>  speed auto
>  no mop enabled
>  service-policy output from.XXXVOIP.POLICY
> !
> interface FastEthernet0/1
>  description Public Lan Interface
>  ip address X.X.X.X 255.255.255.248
>  no ip redirects
>  no ip unreachables
>  no ip proxy-arp
>  duplex auto
>  speed auto
>  no mop enabled
>  service-policy output from.XXXVOIP.POLICY
> !
> interface ATM0/0/0
>  no ip address
>  no ip redirects
>  no ip unreachables
>  no ip proxy-arp
>  no atm ilmi-keepalive
>  dsl enable-training-log
>  hold-queue 224 in
>  bundle enable
>  !
> !
> interface ATM0/0/0.1 point-to-point
>  description ADSL #2 XXXXX
>  no ip redirects
>  no ip unreachables
>  no ip proxy-arp
>  pvc 0/35
>  pppoe-client dial-pool-number 1
>  !
> !
> interface ATM0/1/0
>  no ip address
>  no ip redirects
>  no ip unreachables
>  no ip proxy-arp
>  no atm ilmi-keepalive
>  !
> interface ATM0/1/0.1 point-to-point
>  description ADSL #1 XXXXX
>  no ip redirects
>  no ip unreachables
>  no ip proxy-arp
>  pvc 0/35
>  pppoe-client dial-pool-number 1
>  !
> !
> interface Dialer1
>  ip address negotiated
>  ip nat outside
>  no ip virtual-reassembly
>  encapsulation ppp
>  dialer pool 1
>  dialer idle-timeout 0
>  dialer-group 1
>  ppp authentication pap callin
>  ppp pap sent-username XXXXX at DOMAIN password 7 XXXXX
>  ppp ipcp dns request
>  ppp multilink
>  ppp multilink links maximum 2
>  ppp multilink links minimum 1
>  ppp multilink load-threshold 1 either
>  ppp multilink interleave
>  ppp multilink fragment delay 10
>  no cdp enable
>  service-policy output to.XXXVOIP.POLICY
> !
> no ip forward-protocol nd
> !
> no ip http server
> no ip http secure-server
> !
> ip nat inside source list 1 interface Dialer1 overload
> ip route 0.0.0.0 0.0.0.0 Dialer1
> !
> logging trap debugging
> access-list 1 permit 192.168.1.0 0.0.0.255
> access-list 1 permit 192.168.0.0 0.0.0.255
> access-list 99 permit XXXXX
> access-list 99 permit XXXXX
> access-list 100 permit ip any X.X.X.X 0.0.0.31
> access-list 101 permit ip X.X.X.X 0.0.0.31 any
> dialer-list 1 protocol ip permit
> dialer-list 2 protocol ip permit
> no cdp run
>
> !
> !
> control-plane
> !
> banner login ^CCC==============================================
> = WARNING! WARNING! WARNING! WARNING! =
> = UNAUTHORIZED ACCESS STRICTLY PROHIBITED! =
> = All connections and keystrokes logged =
> ==============================================
> ^C
> !
> line con 0
>  login local
> line aux 0
> line vty 0 4
>  access-class 99 in
>  login local
>  transport input ssh
> line vty 5 15
>  access-class 99 in
>  no login
>  transport input ssh
> !
> scheduler allocate 4000 1000
> end
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
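
The telnet test suggested in the reply above, as a scripted equivalent (an added example, not part of the original thread): it sends a hand-written HTTP request, records whether the reply completes or stalls, and lists response headers that a cache or proxy in the path commonly adds. The function names, the header list and the `example.com` default are assumptions made for this example.

```python
import socket
import sys

# Headers that a cache or proxy in the path commonly adds (hints, not proof).
PROXY_HEADERS = ("via", "x-cache", "x-cache-lookup", "age")

def parse_reply(data):
    """Split a raw HTTP reply into its status line and proxy-revealing headers."""
    head = data.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n") if data else []
    hints = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() in PROXY_HEADERS:
            hints[name.strip().lower()] = value.strip()
    return (lines[0] if lines else None), hints

def probe_http(host, port=80, path="/", timeout=5.0):
    """Send the request by hand, as in a telnet session, and record how far the reply gets."""
    result = {"connected": False, "status_line": None, "proxy_hints": {},
              "bytes": 0, "stalled": False, "closed": False, "error": None}
    data = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            result["connected"] = True  # TCP handshake (small packets) worked
            request = f"GET {path} HTTP/1.0\r\nHost: {host}\r\n\r\n"
            sock.sendall(request.encode("ascii"))
            while True:
                chunk = sock.recv(4096)
                if not chunk:  # server sent everything and closed: full reply
                    result["closed"] = True
                    break
                data += chunk
    except socket.timeout:
        # Connected, but the reply stopped arriving before the server closed.
        result["stalled"] = result["connected"]
        result["error"] = "timeout"
    except OSError as exc:
        result["error"] = str(exc)
    result["bytes"] = len(data)
    result["status_line"], result["proxy_hints"] = parse_reply(data)
    return result

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "example.com"  # placeholder host
    for key, value in probe_http(target).items():
        print(f"{key:12} {value}")
```

Running it from a LAN host behind each CPE and comparing `connected`, `stalled`, `bytes` and `proxy_hints` shows whether the session fails at connect time, partway through the reply, or passes through an intermediary.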

