[c-nsp] cisco nat breaks sonicwall

Adam Greene maillist at webjogger.net
Thu Feb 17 10:00:39 EST 2011


John, Max, Stephen,

Thanks for your advice. We have "ip mtu 1404" on all interfaces, but I 
suspect that is not sufficient. I will look into "ip tcp adjust-mss 
1360" to understand what it does (besides specifying a lower MTU) that 
"ip mtu" does not, and try it out.

Also, mturoute looks like a promising tool to try out. It helps to know 
that both of you suspect MTU issues.

Stephen, I will study your link as well.

Thanks guys for the help.

Adam


On 2/17/2011 4:05 AM, Stack, Stephen (Citco) wrote:
> Came across an odd one recently with a client's sonicwall. May or may not be relevant, but check it out all the same.
>
> http://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=7587&formaction=faqalert
>
>
> Stephen Stack
>
>
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Max Pierson
> Sent: 16 February 2011 18:10
> To: Adam Greene
> Cc: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] cisco nat breaks sonicwall
>
> MTUroute is your friend :)
>
> http://www.elifulkerson.com/projects/mturoute.php
>
> On Wed, Feb 16, 2011 at 10:02 AM, Adam Greene <maillist at webjogger.net> wrote:
>
>> Hi,
>>
>> Having a weird issue where NAT on a Cisco 1841 (IP Base 12.4(22)T) prevents
>> traffic from flowing through multiple models of Sonicwalls.
>>
>> On the 1841:  ip nat inside source list 102 interface Dialer1 overload
>>
>> The NAT works. Clients on the LAN can get to anything out on the Internet.
>> But when they try to get to hosts out on the Internet that are behind
>> Sonicwalls, the traffic fails. The weird thing is, you can telnet from LAN
>> clients to servers behind the Sonicwalls, on various ports (25, 80, 143,
>> 443, 993) but when attempting to access the Sonicwall hosts using a web
>> browser, the connection fails. This is from multiple LAN clients (PCs and
>> mobile devices).
>>
>> Anyone seen this behavior before?
>>
>> We have set MTU to 1404 on all interfaces of the 1841 ... does not help.
>>
>> When we do NAT on an ASA 5500 instead, no problem, clients can connect to
>> servers behind the Sonicwalls fine.
>>
>> Is there some feature I should enable on the 1841? Stumped ...
>>
>> Thanks,
>> Adam
>>
>> _______________________________________________
>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
>
>
>
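
An added example, not part of the thread and not Cisco code: "ip mtu" only changes the size at which the router itself fragments a packet or returns an ICMP "fragmentation needed" error, whereas "ip tcp adjust-mss" rewrites the MSS option in TCP SYN segments passing through the interface so that neither endpoint sends a full-size segment in the first place. The sketch below performs that rewrite on a constructed SYN and patches the TCP checksum incrementally (RFC 1624); the function names, ports and addresses are assumptions made for the illustration.

```python
import struct

def csum16(data: bytes) -> int:
    """RFC 1071 one's-complement sum, folded to 16 bits and inverted."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def tcp_checksum(src: bytes, dst: bytes, seg: bytes) -> int:
    """Checksum over the IPv4 pseudo-header plus the segment, checksum field zeroed."""
    pseudo = src + dst + struct.pack("!BBH", 0, 6, len(seg))
    return csum16(pseudo + seg[:16] + b"\x00\x00" + seg[18:])

def build_syn(src: bytes, dst: bytes, mss: int) -> bytes:
    """Constructed sample: a bare SYN (24-byte header) whose only option is MSS."""
    seg = struct.pack("!HHLLBBHHH", 49152, 443, 1, 0, 6 << 4, 0x02, 65535, 0, 0)
    seg += struct.pack("!BBH", 2, 4, mss)
    return seg[:16] + struct.pack("!H", tcp_checksum(src, dst, seg)) + seg[18:]

def clamp_mss(seg: bytes, limit: int) -> bytes:
    """Lower the MSS option of a SYN to `limit`; every other segment is returned as-is."""
    data_off = (seg[12] >> 4) * 4
    if not seg[13] & 0x02 or data_off > len(seg):   # MSS is only sent on SYN / SYN-ACK
        return seg
    i = 20
    while i + 1 < data_off:
        kind, length = seg[i], seg[i + 1]
        if kind == 0:                                # end of option list
            break
        if kind == 1:                                # NOP padding is a single byte
            i += 1
            continue
        if length < 2 or i + length > data_off:      # malformed option: do not touch
            break
        if kind == 2 and length == 4:
            old = int.from_bytes(seg[i + 2:i + 4], "big")
            if old <= limit:                         # already small enough
                return seg
            # RFC 1624: HC' = ~(~HC + ~m + m'), so no pseudo-header is needed here
            s = (~int.from_bytes(seg[16:18], "big") & 0xFFFF) + (~old & 0xFFFF) + limit
            while s >> 16:
                s = (s & 0xFFFF) + (s >> 16)
            out = bytearray(seg)
            out[16:18] = (~s & 0xFFFF).to_bytes(2, "big")
            out[i + 2:i + 4] = limit.to_bytes(2, "big")
            return bytes(out)
        i += length
    return seg
```

Only the handshake is modified, which is why the clamp has to sit on the path of the SYN and SYN-ACK; established flows are unaffected until they reconnect.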

