[SOLVED] ISP MTU Issues?

mpaniwozik

Distinguished
Oct 22, 2009
3
0
18,510
I work from home as a network engineer and live in a somewhat rural area. We have line-of-sight based internet that uses LTE to connect from a Telrad CPE9000 mounted on my home back to a tower on a hill a few miles away. It's 25mb service and works for most things except for a few items in my company's lab environment and some customer equipment. A lot of my work is in Cisco APICs on customers' ACI fabrics, and when connected to my home wifi, I cannot access the APIC GUI. I will get the page stating the connection is not secure, but when I click to proceed, it just sits and never loads the login page.

If I tether my computer to my phone and use its (Verizon) LTE, I can access everything just fine and I can ping with a 10byte large MTU size. On my ISP I can ping equipment with a max of 1362 and when tethered to my phone, I can ping with a max of 1372. I've opened several tickets with my ISP and have spoken to senior engineers & they have assured me that the path is allowing jumbo frames, and my home router is set to its max (1500 bytes). I have run a Wireshark capture and see a lot of TCP retransmits and duplicate ACKs. I have all security and firewalls turned off on my laptop, home router, and the Telrad device (I have mgmt access to it).

Another interesting thing is that if I tether to my phone and log in to the APIC, but then switch back to my wifi, I can typically browse around the APIC GUI just fine. Another thing I noticed is that when using the Cisco AnyConnect VPN client for certain customers, I can access their ACI equipment fine, but when using the Global Protect VPN client, I can't. Unfortunately, 99% of my customers use Global Protect.

I'm at a loss as to what I should check next or have my ISP check so I wanted to see if anyone here had suggestions or ideas.
 
Solution
In general the software should tolerate any MTU. Part of the opening of a TCP session is to discover the maximum MTU in the path. Other than some overhead you seldom see issues unless you have the do-not-fragment flag set and try to set too big an MTU.

Most times it is some form of VPN in the path that is causing this, that is not informing the end stations of the MTU restrictions. Could be a firewall filtering these messages.

Generally the solution is to just set the MTU on your end manually to some value lower than what the actual number is. That way your device will negotiate this lower value with the far end.

Maybe try to find out what is setting the do-not-fragment flag and why it is doing that. It's not like the old days where the CPU is burdened by reassembly.
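As an added illustration (not part of this thread), the Python script below automates the manual probe the original poster did by hand: it binary-searches the largest ICMP payload that gets through with the do-not-fragment flag set and converts it to the path MTU (payload + 28 bytes of IPv4 and ICMP headers), which is the ceiling to stay under when setting the interface MTU manually as the answer suggests. It assumes Linux `ping -M do` semantics; `fake_path` is a constructed stand-in for a real path so the search can be checked offline.

```python
import subprocess
import sys

ICMP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP echo header


def ping_probe(host, payload, timeout=2):
    """Send one ICMP echo with DF set (Linux 'ping -M do').

    Returns True if a reply came back, i.e. the payload crossed the path
    unfragmented. A 'message too long' or silent drop counts as failure.
    """
    cmd = ["ping", "-c", "1", "-W", str(timeout), "-M", "do",
           "-s", str(payload), host]
    return subprocess.run(cmd, stdout=subprocess.DEVNULL,
                          stderr=subprocess.DEVNULL).returncode == 0


def largest_payload(probe, lo=0, hi=1472):
    """Binary-search the largest payload in [lo, hi] for which probe() succeeds.

    Returns -1 when even the smallest size fails (host down, ICMP blocked).
    1472 is the largest payload that fits a 1500-byte Ethernet MTU.
    """
    best = -1
    while lo <= hi:
        mid = (lo + hi) // 2
        if probe(mid):
            best, lo = mid, mid + 1
        else:
            hi = mid - 1
    return best


def path_mtu(probe, hi=1472):
    """Return (largest payload, path MTU) or None if nothing got through."""
    payload = largest_payload(probe, 0, hi)
    return None if payload < 0 else (payload, payload + ICMP_OVERHEAD)


def fake_path(mtu):
    """Constructed probe simulating a path whose MTU is 'mtu' (for offline checks)."""
    return lambda payload: payload + ICMP_OVERHEAD <= mtu


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else sys.exit("usage: pmtu.py <host>")
    result = path_mtu(lambda size: ping_probe(target, size))
    if result is None:
        sys.exit("no DF echo replies at all; check reachability or ICMP filtering")
    print(f"largest payload {result[0]} -> path MTU {result[1]}; set interface MTU <= {result[1]}")
```

Run with a host across the suspect link; the poster's figures of 1362 and 1372 correspond to path MTUs of 1390 and 1400 respectively.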
 