You should use the ip tcp adjust-mss 1452 on both the vlan and the dialer
interface. You also should leave the mtu to its default setting (1500) and
specify ip mtu 1492 on the dialer interface.
Best Regards,
Fausto Oliveira
"jasebert" wrote:
> Hi all,
>
> I am having issues accessing windows update with my Cisco 877. I have tried
> everything that has been listed in the microsoft kb's.
> Basically I have put it down to the modem. I have set the MTU for the modem
> to be at 1400 because when I put it up to 1492 the internet goes very slow.
> Firewall is enabled and I have posted the config below.
>
> Current configuration : 6535 bytes
> !
> version 12.4
> no service pad
> service tcp-keepalives-in
> service tcp-keepalives-out
> service timestamps debug datetime msec localtime show-timezone
> service timestamps log datetime msec localtime show-timezone
> service password-encryption
> service sequence-numbers
> !
> hostname cisco
> !
> boot-start-marker
> boot-end-marker
> !
> logging buffered 51200 debugging
> logging console critical
> enable secret xxxxxxxxxxx
> !
> no aaa new-model
> !
> resource policy
> !
> clock timezone PCTime 10
> clock summer-time PCTime date Mar 30 2003 3:00 Oct 26 2003 2:00
> ip subnet-zero
> no ip source-route
> ip cef
> !
> !
> ip inspect name DEFAULT100 cuseeme
> ip inspect name DEFAULT100 ftp
> ip inspect name DEFAULT100 h323
> ip inspect name DEFAULT100 icmp
> ip inspect name DEFAULT100 netshow
> ip inspect name DEFAULT100 rcmd
> ip inspect name DEFAULT100 realaudio
> ip inspect name DEFAULT100 rtsp
> ip inspect name DEFAULT100 esmtp
> ip inspect name DEFAULT100 sqlnet
> ip inspect name DEFAULT100 streamworks
> ip inspect name DEFAULT100 tftp
> ip inspect name DEFAULT100 tcp
> ip inspect name DEFAULT100 udp
> ip inspect name DEFAULT100 vdolive
> ip tcp synwait-time 10
> no ip bootp server
> ip domain name xxxxxxxxxxxxx
> ip name-server xxxxxxxxxxxxxxxxxxxx
> vpdn enable
> !
> !
> !
> crypto pki trustpoint TP-self-signed-135466939
> enrollment selfsigned
> subject-name cn=IOS-Self-Signed-Certificate-135466939
> revocation-check none
> rsakeypair TP-self-signed-135466939
> !
> !
> crypto pki certificate chain TP-self-signed-135466939
> certificate self-signed 01
> xxxxxxxxxxxxxxxxxxxxxx
> quit
> username xxxxxxxx privilege 15 secret xxxxxxxxxxxxxxxx
> username xxxxxxxxxx privilege 0 secret xxxxxxxxxxxxxxxxxxxxxxx
> !
> !
> !
> !
> !
> interface ATM0
> no ip address
> no ip redirects
> no ip unreachables
> no ip proxy-arp
> ip nat outside
> ip virtual-reassembly
> ip route-cache flow
> no atm ilmi-keepalive
> pvc 8/35
> pppoe-client dial-pool-number 1
> !
> dsl operating-mode adsl2+
> !
> interface FastEthernet0
> !
> interface FastEthernet1
> !
> interface FastEthernet2
> !
> interface FastEthernet3
> !
> interface Vlan1
> description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$
> ip address x.x.x.x xxx.xxx.xxx.xxx
> ip access-group 120 out
> no ip redirects
> no ip unreachables
> no ip proxy-arp
> ip nat inside
> ip virtual-reassembly
> ip route-cache flow
> !
> interface Dialer0
> mtu 1400
> ip address negotiated
> ip nat outside
> ip virtual-reassembly
> encapsulation ppp
> dialer pool 1
> dialer-group 1
> no cdp enable
> ppp authentication pap callin
> ppp chap refuse
> ppp pap sent-username xxxxx password xxxxxxx
> !
> interface Dialer1
> no ip address
> no cdp enable
> !
> ip classless
> ip route 0.0.0.0 0.0.0.0 Dialer0
> !
> ip http server
> ip http authentication local
> ip http secure-server
> ip http timeout-policy idle 5 life 86400 requests 10000
> ip nat inside source list 1 interface Dialer0 overload
> ip nat inside source static tcp x.x.x.x 80 interface Dialer0 80
> ip nat inside source static tcp x.x.x.x 6004 interface Dialer0 6004
> ip nat inside source static tcp x.x.x.x 6002 interface Dialer0 6002
> ip nat inside source static tcp x.x.x.x 6001 interface Dialer0 6001
> ip nat inside source static tcp x.x.x.x 3389 interface Dialer0 3389
> ip nat inside source static tcp x.x.x.x 443 interface Dialer0 443
> ip nat inside source static tcp x.x.x.x 110 interface Dialer0 110
> ip nat inside source static tcp x.x.x.x 25 interface Dialer0 25
> !
> logging trap debugging
> access-list 1 permit x.x.x.x x.x.x.x
> access-list 5 permit x.x.x.x
> access-list 5 permit x.x.x.x
> access-list 5 permit x.x.x.x
> access-list 5 permit x.x.x.x x.x.x.x
> access-list 100 remark auto-generated by Cisco SDM Express firewall configuration
> access-list 100 remark SDM_ACL Category=1
> access-list 100 deny ip host 255.255.255.255 any
> access-list 100 deny ip 127.0.0.0 0.255.255.255 any
> access-list 100 permit ip any any
> access-list 101 remark auto-generated by Cisco SDM Express firewall configurati
> access-list 101 remark SDM_ACL Category=1
> access-list 101 permit udp any eq bootps any eq bootpc
> access-list 101 permit icmp any any echo-reply
> access-list 101 permit icmp any any time-exceeded
> access-list 101 permit icmp any any unreachable
> access-list 101 deny ip 10.0.0.0 0.255.255.255 any
> access-list 101 deny ip 172.16.0.0 0.15.255.255 any
> access-list 101 deny ip 127.0.0.0 0.255.255.255 any
> access-list 101 deny ip host 255.255.255.255 any
> access-list 101 deny ip any any
> access-list 120 permit tcp host x.x.x.x host x.x.x.x eq www
> access-list 120 permit tcp host x.x.x.x host x.x.x.x eq 443
> access-list 120 deny tcp any host x.x.x.x eq www
> access-list 120 deny tcp any host x.x.x.x eq 443
> access-list 120 permit ip any any
> no cdp run
> !
> control-plane
> !
> banner login ^C
> -----------------------------------------------------------------------
> XXX Company.
> -----------------------------------------------------------------------
>
>
> ^C
> !
> line con 0
> login local
> no modem enable
> line aux 0
> line vty 0 4
> access-class 5 in
> privilege level 15
> login local
> transport input telnet ssh
> !
> scheduler max-task-time 5000
> scheduler allocate 4000 1000
> scheduler interval 500
> end
>
> Any assistance would be greatly appreciated.
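
Added example, not part of either post: a small checker that derives the reply's two numbers (1500 minus 8 bytes of PPPoE overhead gives 1492; minus 40 bytes of IPv4 and TCP headers gives 1452) and reports where an IOS configuration departs from that advice. The function names are hypothetical, and the sample is a constructed excerpt of the posted interface sections.

```python
import re
ETHERNET_MTU = 1500
PPPOE_OVERHEAD = 8    # 6-byte PPPoE header + 2-byte PPP protocol field
IP_TCP_HEADERS = 40   # 20-byte IPv4 + 20-byte TCP header, no options (assumed)
IP_MTU = ETHERNET_MTU - PPPOE_OVERHEAD   # 1492, the reply's "ip mtu"
MSS = IP_MTU - IP_TCP_HEADERS            # 1452, the reply's "adjust-mss"

def parse_interfaces(config):
    """Return {interface: [sub-commands]}; a '!' or blank line closes a block."""
    blocks, current = {}, None
    for raw in config.splitlines():
        line = re.sub(r"^\s*>\s?", "", raw).strip()  # tolerate '>' quoting
        m = re.match(r"interface (\S+)$", line)
        if m:
            current = blocks.setdefault(m.group(1), [])
        elif line in ("", "!"):
            current = None
        elif current is not None:
            current.append(line)
    return blocks

def check_pppoe_mtu(config):
    """Hypothetical helper: list where a config departs from the reply's advice."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        # Only dialers bound to a pool and addressed VLAN interfaces are checked.
        is_dialer = any(c.startswith("dialer pool ") for c in cmds)
        is_lan = name.startswith("Vlan") and any(c.startswith("ip address ") for c in cmds)
        if not (is_dialer or is_lan):
            continue
        if f"ip tcp adjust-mss {MSS}" not in cmds:
            findings.append(f"{name}: add 'ip tcp adjust-mss {MSS}'")
        if is_dialer and any(re.match(r"mtu \d+$", c) for c in cmds):
            findings.append(f"{name}: remove 'mtu', keep the default {ETHERNET_MTU}")
        if is_dialer and f"ip mtu {IP_MTU}" not in cmds:
            findings.append(f"{name}: add 'ip mtu {IP_MTU}'")
    return findings

# Constructed sample: the relevant interface lines of the posted configuration.
POSTED = """interface Vlan1
ip address x.x.x.x xxx.xxx.xxx.xxx
!
interface Dialer0
mtu 1400
dialer pool 1
!
"""

if __name__ == "__main__":
    print("\n".join(check_pppoe_mtu(POSTED)))
```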