Re: IE Routing Problem
From: DDJ (johnson_at_milehi.com)
Date: 07/28/04
Date: Wed, 28 Jul 2004 15:21:36 -0600
FYI, I changed the MTU to 1492 on both the firewall and the client box...no
change, browser still fails after a few minutes.
Dan
"DDJ" <johnson@milehi.com> wrote in message
news:lGTNc.32$u77.37507@news.uswest.net...
> To try and make this easier to read, I have added my responses below...
>
> "Ace Fekay [MVP]" <firstnamelastname@hotmail.com> wrote in message
> news:uZ516jNdEHA.1356@TK2MSFTNGP09.phx.gbl...
> >
> > "DDJ" <johnson@milehi.com> wrote in message
> > news:DbSNc.25$u77.31198@news.uswest.net...
> > > We have ADSL.
> > >
> > > Ran the provided test. Although the Win2000 box I was using did not have
> > > an MTU value in the registry, I added. Per the MTU test, the optimal
> > > setting would be 1404. NOTE: that this is the setting in our firewall as
> > > well (says something about "fragment outbound packets larger than 1404")
> > >
> > > The browser does not have any proxy settings in place.
> > >
> > > Tested browser after adding MTU value...still doesn't work. The firewall
> > > forwards packets to the router, do routers generally provide for an MTU
> > > setting?
> > >
> > > Thanks!
> >
> > Actually 1404 is really awfully low. The definition of an MTU is the
> > actual TCP packet size. The largest possible TCP packet size is 1500 bytes.
> > ADSL using PPPoE lowers the MTU to 1492, using up 8 bytes for the PPPoE
> > overhead. So 1492 is the common one I've seen it drop lower, depending on
> > the ADSL modem. The router will accommodate the modem. The lower it is, the
> > more difficulty there will be with IE and browsing.
>
> I will change this after sending this message to see if it has any impact.
> I remember that we originally changed it to accommodate a request from
> SonicWall when setting up a VPN.
>
> >
> > What type of modem do you have?
> > What type of router do you have that is connected to the modem?
>
> We have a SonicWall SoHo 100 firewall (which is the IP = 192.168.168.1) and
> an ActionTec DSL Modem/Router (LAN IP = 192.168.168.2, WAN IP should remain
> private). All packets coming in through the ActionTec are routed to the
> SonicWall. All client boxes point to the SonicWall as the Gateway and to
> the DC (192.168.168.187) as the DNS. Should I not be posting all of this IP
> info here for security reasons??? I have assumed that since they are
> internal addresses, it doesn't matter, but let me know if you think
> otherwise.
>
> >
> > I was trying to re-read your previous response, but I apologize that I am
> > getting lost in your terminology. Here's what you previously posted:
> >
> > ======================
> > > Each box is pointed to a firewall as the gateway
> > > (192.168.168.1) and to the DC as the DNS Server
> > > (192.168.168.187). The DC points to the ISP-provided two
> > > DNS servers. The common firewall gateway (192.168.168.1)
> > > forwards to the router (192.168.168.2) which forwards to
> > > the ISP's router.
> > ======================
> >
> > Now this part (the paragraph below) is the part I really do not understand
> > because of the IP addresses that are mentioned, hence my previous thought
> > you were "arping" packets across an OpenBSD bridged firewall, which I know
> > not too many people use or know how to setup.
> > ...
> > > "The common firewall gateway (192.168.168.1)
> > > forwards to the router (192.168.168.2) which forwards to
> > > the ISP's router."
> > ...
> >
> > Now, let's break this down. Your 'firewall' is also your router? What brand
> > is it?
> > That "common firewall gateway (192.168.168.1) you mention, is that the above
> > firewall/router? Or are you saying that the firewall gateway and the router
> > are two different things? Or is the router actually an ADSL modem?
>
> If I understand how this works correctly, the SonicWall is the router,
> although all the SonicWall does is pass outgoing packets to the ActionTec
> (in addition obviously to handling incoming packets from the ActionTec).
>
> >
> > From the way you described that, it seems like that the 'common firewall
> > gateway with an IP of 192.168.168.1, which is connected to your internal
> > subnet, which your internal subnet uses as a gateway, has its other
> > interface (which by definition of a 'router') configured with an IP on the
> > same subnet and is connected to your ISP's router with an IP on the same
> > subnet as the internal subnet, but should be a totally different subnet. So
> > based on the terminology used, I am completely lost on how this is
> > configured.
>
> I remember when we first set this up last year, I had also thought that we
> needed to set the LAN side IP of the ActionTec to a different subnet than
> the WAN side IP of the SonicWall (hope I said that right!). It was either
> Qwest or SonicWall, however, that said we needed to do it this way. It WAS
> working for some time though, so I am curious why it has gone crazy now.
>
> Hopefully the above helps you understand. Let me know if not, and thanks
> for your patience!
>
> >
> > Can you break that down for me?
> > What name brand router?
> > What name brand firewall?
> > What name brand modem (if it is)?
> >
> >
> > --
> > Regards,
> > Ace
> >
> > Please direct all replies ONLY to the Microsoft public newsgroups
> > so all can benefit.
> >
> > This posting is provided "AS-IS" with no warranties or guarantees
> > and confers no rights.
> >
> > Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
> > Microsoft Windows MVP - Windows Server - Directory Services
> >
> > Security Is Like An Onion, It Has Layers
> > HAM AND EGGS: A day's work for a chicken;
> > A lifetime commitment for a pig.
> > --
> > =================================
> >
> >
> >
> >
> >
>
>