Re: ADSL https problem with 827-4v

binoyjosephstanly · ‎08-31-2005

hi

i have an adsl line,connected to 827 series router.Users are browsing without any problem,continues internet connection is available.but some of the websites are available, like if you go to http://www.icici.com and if you try to login(it's an https link)it's not going

there is no access list configured to block https port 443.

this is my configuration.

sh run

Building configuration...

Current configuration : 1225 bytes

!

version 12.2

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Router

!

logging queue-limit 100

!

ip subnet-zero

!

vpdn enable

!

vpdn-group pppoe

request-dialin

protocol pppoe

!

--More-- !

!

no voice hpi capture buffer

no voice hpi capture destination

!

interface Ethernet0

ip address 192.5.x.x.255.255.0

ip nat inside

hold-queue 100 out

!

interface ATM0

no ip address

ip mtu 1452

no atm ilmi-keepalive

--More-- dsl operating-mode auto

hold-queue 224 in

!

interface ATM0.1 point-to-point

ip mtu 1452

pvc 1/33

pppoe-client dial-pool-number 1

!

interface Dialer1

ip address negotiated

ip mtu 1452

ip nat outside

encapsulation ppp

dialer pool 1

ppp authentication chap callin

ppp chap hostname rmsllc

ppp chap password 0 rms54321

ppp pap sent-username xxx password xxx

!

ip nat inside source list 1 interface Dialer1 overload

ip classless

ip route 0.0.0.0 0.0.0.0 Dialer1

--More-- no ip http server

!

access-list 1 permit 192.x.x.0 0.0.0.255

call rsvp-sync

!

voice-port 1

!

voice-port 2

!

voice-port 3

!

voice-port 4

!

line con 0

stopbits 1

line vty 0 4

login

!

scheduler max-task-time 5000

end

i will appreciate any inputs.

Thanks & Regds

Binoy.

mehrdad · ‎09-01-2005

Hi Binoy,

The maximum segment size should be 1452 not mtu.

6 bytes for PPPoE header and 2 bytes for PPP protocol ID so check MSS 1452 or MTU 1492.

you can define MSS through "ip adjust-mss 1452" command (The ip adjust-mss command in Cisco IOSRelease 12.2(2)XH has changed to ip tcp adjust-mss )

Regards,

Mehrdad

binoyjosephstanly · ‎09-02-2005

This is the reason behind this? r u sure.

can you please post the correct IOS name, so that i can purchase a copy.

rt now i have the basic IOS,so if i go for this IOS will this solve my issue.

Regds

Binoy

mehrdad · ‎09-02-2005

I don't mean that you should upgrade your IOS

I mean use "ip adjust-mss 1452" at your interface or change your MTU size 1492

Regards,

Mehrdad

kanno · ‎09-05-2005

Hello.

I'm having a problem very similar, with a 2801 with ADSL. I can't access HTTPS, VNC and SAP, through Tunnel, EZVPN or direct access. I made the configuration suggested with no success. I have attached the current 2801 configuration. I have tested the "ip tcp adjust-mss" in Dialer Interface too with the same result.

Does anybody help me?

mehrdad · ‎09-05-2005

pls check this out "ip tcp adjust-mss 1400" on the interface FastEthernet0/0 and let me know pls.

kanno · ‎09-05-2005

Hi ...

It worked fine. All services are OK now. Thank you for your support.

Best regards ...