PPPOE, MTU, and boom.

(this is not intending to be a PPPOE holy war, so, please read on).

Over the last few days, I've be pfutzing with getting PPPOE working (it's
really our only choice, as Verizon only offers a 1483 service). We're
using Cisco 7200's and 4700's to aggregate them on our side, from DS3 and
OC3 ATM circuits.

We're using VPDN in 12.1T, with PPPOE. The PPP and AAA and all that seem
to work fine, however, we're having a browsing issue. I've checked every
setting I can think of, including MTU (which is obvious and set to 1492),
IP Header Compression (which when turned off fixed 99% of the problems),
but there is still a few websites that we cannot get to, no matter what.

I have confirmed that when I block all ICMP to/from a website, we cannot
browse that site -- which is somewhat obivious. The question is, how, as
an internet community as a whole, do we fix this?

Some significant sites are like this -- the bill-checking portion of
www.americanexpress.com, www.intuit.com, www.visa.com, some portions of
www.chase.com, etc.

Seems to me that most people using PPPOE would have a problem here. Or, am
I alone?

My testing has been limited to Win2k, but I've heard similar reports on
WinME, 98, etc.

-- Alex Rubenstein, AR97, K2AHR, alex@nac.net, latency, Al Reuben --
-- Net Access Corporation, 800-NET-ME-36, http://www.nac.net --

Could it be Path MTU/fragmentation issues on account of the low MTU you
have in combination with some ICMP issues where network admins have some
screwy setup?

Can you confirm exactly which IP addresses on the sites you mention have
problems? You said it was portions 'within' the sites...