If you are one of those engineers, administrators or enthusiasts who have run into a Cisco ADSL router that seems to selectively block web sites, then this is the right post for you. I have seen many of my customers facing this issue and scratching their heads to understand the problem.

The issue

The issue is as follows: you are browsing and using the internet normally, but access to some specific web sites is impossible. Your web browser times out and the site is reported as unreachable. In some cases the web site may partially load, but if you replace the router with another (non-Cisco) one you are able to access these sites as expected. When you put the Cisco router back, the sites become inaccessible once more, even though your ADSL stats are within acceptable limits.

The problem

The fun part is that the problem is not related to Cisco as a brand. The reason why some pages do not fully load (or do not load at all) is that the router fragments IP packets greater than 1492 bytes which are sent by the source PC to the router. This fragmentation does not occur on the return path through the intermediate internet routers. When an intermediate internet router receives a packet greater than 1492 bytes, the packet is dropped, and the intermediate internet router generates and sends an Internet Control Message Protocol (ICMP) message to the web server that sent the oversized packet. The ICMP message informs the web server that it sent an oversized packet and that it needs to resend the packet with a smaller MTU.

The problem occurs because many web servers block ICMP messages, which causes the server to continuously send 1500-byte packets. These packets are dropped, and as a result, the requested web site does not load. If the web server is properly configured and ICMP messages are not blocked, the server adjusts its MTU and retransmits until the page loads completely.

The solution

To overcome this issue, the easiest thing you can do is to configure your Cisco router with a maximum MTU size of 1452. If this doesn't work, you can experiment with lower values, down to 1360. To achieve this, change the MTU value on the internal (LAN) interface(s) of your Cisco router as follows:

! Use your own LAN interface name here (Vlan1, Ethernet0, etc.)
interface FastEthernet0/0
 ip tcp adjust-mss 1452
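
Rather than trying values by hand, the path MTU can be measured from a LAN client. The script below is an added example, not part of the original post: it binary-searches for the largest packet that passes with the Don't Fragment bit set and derives the matching MSS (MTU minus 40 header bytes, which is how 1492 gives 1452). It assumes Linux iputils `ping`; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: measure the path MTU to a host and derive the MSS to clamp to.

# probe SIZE HOST: send one ICMP echo with DF set and SIZE payload bytes.
# Flags are for Linux iputils ping (assumption); adapt them on other systems.
probe() {
    ping -M do -c 1 -W 2 -s "$1" "$2" >/dev/null 2>&1
}

# path_mtu HOST: binary search over IP packet sizes 576..1500.
# ICMP payload = packet size - 28 (20-byte IP header + 8-byte ICMP header).
path_mtu() {
    host=$1 lo=576 hi=1500
    # If even a small packet fails, the host is down or filters ICMP echo.
    probe $((lo - 28)) "$host" || return 1
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if probe $((mid - 28)) "$host"; then lo=$mid; else hi=$((mid - 1)); fi
    done
    echo "$lo"
}

# mss_for MTU: largest TCP segment that fits (20-byte IP + 20-byte TCP header).
mss_for() { echo $(( $1 - 40 )); }

# Usage: sh pmtu.sh HOST
if [ -n "${1:-}" ]; then
    mtu=$(path_mtu "$1") || { echo "no reply from $1" >&2; exit 1; }
    echo "path MTU $mtu -> ip tcp adjust-mss $(mss_for "$mtu")"
fi
```

Run it against a site that loads correctly; a host that does not answer ping at all returns an error instead of a misleading value.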