[rbak-nsp] SE400 + CLIPS + NAT + ? MTU ?? problem
"Kuba" Dawid Chrzan
dawid.chrzan at pszczyna.net.pl
Tue Dec 3 10:00:18 EST 2013
Hi,

I set up a CLIPS context on an SE400
Redback Networks SmartEdge OS Version SEOS-6.2.1.9.46-Release
and everything is running more or less OK, except for some websites.
http://www.speedtest.pl/ or http://yahoo.com cannot be displayed.

I cannot figure out what is wrong. It looks like an MTU problem, but how
can it be an MTU problem in CLIPS?

When I switch the user to an external IP address, not using NAT, everything
works PERFECT.

I had the same problem in the PPPoE context, but it was solved using

interface LAN_PPPOE multibind
 ip address 10.192.255.254/16
 ip mtu 1460
 ip clear-df
 ip tcp mss replace 1420

Does anyone have any ideas, please?

context CLIPS
!
 no ip domain-lookup
!
 ip nat pool NAT_POOL napt multibind
  address 199.189.55.161/32 port-block 0 to 15
!
 ip nat pool NAT_POOL_2 napt multibind
  address 199.189.55.162/32 port-block 0 to 15
 nat policy nat-policy
! Default class
  ignore
  endpoint-independent filtering udp
! Named classes
  access-group ACL_NAT
   class ACL_NAT10
    pool NAT_POOL CLIPS
    timeout tcp 3600
    timeout udp 60
    timeout fin-reset 60
    timeout icmp 30
    timeout syn 60
    admission-control tcp
    admission-control udp
    admission-control icmp
    endpoint-independent filtering udp
   class NO_NAT
    ignore
   class DNAT_53
    pool NAT_POOL CLIPS
    destination 8.8.8.8
   class ACL_NAT20
    pool NAT_POOL_2 CLIPS
    timeout tcp 3600
    timeout udp 60
    timeout fin-reset 60
    timeout icmp 30
    timeout syn 60
    admission-control tcp
    admission-control udp
    admission-control icmp
    endpoint-independent filtering udp
 interface LAN multibind
  description CLIPS LAN
  ip address 10.99.255.254/16
  dhcp server interface
  ip arp proxy-arp
 interface EXT-LAN multibind
  description CLIPS EXTERNAL ADDRESSES
  ip address 194.183.55.185/29
  dhcp server interface
  ip clear-df
 interface loopCLIPS loopback
  ip address 199.189.55.132/32
  ip source-address radius
 no logging console
!
 policy access-list ACL_NAT
  seq 1 permit ip 10.99.0.0 0.0.255.255 host 66.66.66.66 class NO_NAT
  seq 10 permit ip 10.99.0.0 0.0.0.255 any class ACL_NAT10
  seq 20 permit ip 10.99.1.0 0.0.0.255 any class ACL_NAT20
 subscriber default
  port-limit 1
  qos policy policing PPPoE_upload
  qos policy metering PPPoE_download
  nat policy-name nat-policy
  dhcp max-addrs 1
  dns primary 8.8.8.8
  dns secondary 8.8.4.4
  session-limit agent-remote-id 1
 ip route 0.0.0.0/0 context BGP
 service telnet client
!
 dhcp server policy
  nak-on-subnet-deletion
  offer-lease-time 300
  default-lease-time 180
  maximum-lease-time 180
  subnet 10.99.0.0/16
   range 10.99.0.100 10.99.255.100
   option subnet-mask 255.255.0.0
   option router 10.99.255.254
   option domain-name-server 8.8.8.8
  subnet 199.189.55.184/29
   range 1 199.189.55.186 194.183.55.190
   option subnet-mask 255.255.255.248
   option router 199.189.55.185
   option domain-name-server 8.8.8.8

--
Regards,
"Kuba" Dawid Chrzan