Todd: My response. I have deleted few lines to reduce the clutter. ----- 1) The first one that needs to be addressed is that you indicate this system was working for ~ 2 years and the problems began about 6 weeks ago and have gotten progressively worse. What changed 6 weeks ago? ANSWER: Nothing really. The only thing I can think of is that the T1 line to Internet backbone was down. Sprint had to change a card in their CO. T1 is working now & is heavily tested. Our internal desktop computer (LAN Connection) can connect to the Internet with NO problem. ----- When you say worse can you qualify what exactly is getting worse? Take an external site that a customer has problems with...make sure you can ping it from one of your internal workstations as you say you have no problems accessing sites with those machines. ANSWER: Actually, we are now getting more complaints, so that's why I said it is getting worse. We can PING any external site from our workstations which are connected over LAN. BIG NOTE: Please note this problem happens intermittently. Sometimes the dial-in customer connects another time, they do not. When they connect, any internal or external web site can be PINGed. When they can not access any external web site, they can still PING internal web site (or servers) but can not PING any external web site. INTERESTING HINT (This may solve the problem): When the customers dial-in works, I can run traceroute and it works. But when external web site can not be retrived, the traceroute traces the ARC (IP address of the ARC), IP address of the Gateway (CISCO Router 12.21.237.1) and then the connection times out!!!!!!! ----- Then is a customer able to ping that site and not pull up the webpage??? If so...it's MTU. ANSWER: See above & answer to Q (2). ----- 2) As far as the MTU settings....there is an issue with this if not configured properly. I've seen it posted over and over and over. You should be able to search for it and find some more info using google. The first setting I came across was the following: set network user <name> mtu <number> Don't think that's what you're really looking for. Usually (as do we) you send that information via radius. I'm thinking this may be related to my above statement...if you don't specify it, it defaults to something bad that will cause customer's issues. Typically they won't be able to pull certain sites, the browser will sit there forever trying to pull up certain frames, etc. Have you switched radius servers lately? Is your arc defaulting to a backup server that doesn't have the MTU set correctly? ANSWER: I did some searching and found answers on MTU as follows: On ARC I displayed the "ppp" settings (show ppp settings) and it shows the "System MTU" as 1514. I looked at "User" settings on freeRADIUS and the "FRAMED-MTU" setting was no-op (#). Originally when I had setup the 3com, I had a similar problem and I was told to no-op the MTU, which I did & everything worked fine. I tried removing no-op from "FRAMED-MTU - 1514" but it did not resolve the problem. ----- 3) You say the route dies outside your network? How far outside your network? Perhaps something isn't being advertised to your upstream correctly? ANSWER: As I mentioned above, when I do a traceroute, I get upto the gatewat CISCO router and then it time out. AT&T, who provides the router & T1 line has tested the router & line and found it to be operational. AT&T also had us connect a terminal (PC) directly to the router and do a traceroute and it worked. As I mentioned earlier, when the outside webs can not be accessed, we seem to get upto the router. PLEASE NOTE: if you say that the problem is in the CISCO router, then you must have a specific problem written here or it will be the same answer with AT&T!!! ----- 4) If you would like me to take a look I don't mind. Create me a temporary account on the arc and I can jump in (without changing anything) and poke around. I would also take a look on the gateway router and see what's going on with it's routes. ANSWER: YES. Send me an email directly and let me know what do you want me to do & I will give you access to our entire system. My email address is: kbajwa@tibonline.net ----- Thanks. Kirti