Select the product you need help with
- Internet Explorer
- Windows Phone
- More products
Connectivity Problems on ICS Clients When You Use a PPPoE Connection on a Windows XP ICS Host
Article ID: 319661 - View products that this article applies to.
This article was previously published under Q319661
You might not be able to browse some Web sites or to send e-mail messages that contain attachments from an Internet Connection Sharing client computer if your outbound connection is through a Windows XP-based Internet Connection Sharing host computer that uses Point-to-Point Protocol over Ethernet (PPPoE).
This issue may occur if the Windows XP-based Internet Connection Sharing host computer uses a smaller Maximum Transmission Unit (MTU) size on the public interface (the PPPoE connection to the Internet) than it uses on the private interface (the Ethernet connection to the Internet Connection Sharing client). If a packet is larger than the MTU size on the public interface, the client sends an Internet Control Message Protocol (ICMP) error to the external server to request that the server negotiate the TCP Maximum Segment Size (MSS). However, this message may be blocked by some firewalls. When this occurs, the packet is dropped.
To resolve this problem, install Windows XP Service Pack 1 (SP1) on your Internet Connection Sharing host computer. Internet Connection Sharing has been updated in Windows XP SP1 to work around this issue by using a process that is named MSS clamping. MSS clamping causes Internet Connection Sharing to set the MSS value low enough to match the external interface.
Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/322756/ )How to back up and restore the registry in Windows
To temporarily work around this problem, lower the MTU size on the internal Internet Connection Sharing client computers to 1490.
NOTE: Use this temporary workaround only in cases in which a Windows XP-based computer is both an Internet Connection Sharing host (or gateway) and is connected to the Internet by using PPPoE.
To modify the MTU on the internal Internet Connection Sharing client computers, follow these steps.
To Identify the correct MTU size:
For additional information about how to manually set the MTU size, click the following article number to view the article in the Microsoft Knowledge Base:
314053PPPoE is described in Request for Comments ( RFC) document 2516. Currently, some digital subscriber line (DSL) service providers use PPPoE to maintain the familiar "dial-up" experience for users who use a DSL modem to connect to the Internet.
(http://support.microsoft.com/kb/314053/EN-US/ )TCP/IP and NBT Configuration Parameters for Windows XP
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article. This problem was first corrected in Windows XP Service Pack 1.
On Windows XP, PPPoE connections use a Maximum Transmission Unit (MTU) size of 1,490 to account for the additional PPP header information that is transmitted over the Ethernet network. Because the TCP MSS is negotiated during the TCP handshake by the two end systems, the end systems may set an MSS that is based on a local link MTU of 1,500 if both systems are connected to Ethernet networks. If the Internet Connection Sharing host cannot pass the traffic to and from the internal Internet Connection Sharing client because the packet is too large, the Internet Connection Sharing computer sends the appropriate ICMP message that states that fragmentation is required and that the "Don't Fragment" bit was set. The Windows XP-based Internet Connection Sharing host also includes the MTU size of the PPPoE link; the recipient of the ICMP message can initiate a renegotiation of the MSS. This process fixes the problem and is transparent to users.
The problem that is described in this article occurs when the external host blocks ICMP messages. In practice, this is typically a Web server that blocks ICMP messages at the firewall. If the internal Internet Connection Sharing client sends only small requests (such as HTTP requests), the client's packets may never become large enough to have to be fragmented by Internet Connection Sharing. However, the Web server may send back a large file or image that fills a single or multiple packets to capacity. Internet Connection Sharing sends the appropriate ICMP "fragmentation required" message back to the Web server. If this message never reaches the Web server (because it is blocked by a firewall), the Web server does not become aware that the session MSS must be renegotiated. Unless the external server is using PMTU Black Hole Router discovery (by default, this is disabled in Microsoft Windows 2000), the data never reaches the internal Internet Connection Sharing client.