RE: IPSec VPN Tunnel not allowing large data transfer

From: Beernink, William (william.beernink@siemens.com)
Date: Wed May 03 2006 - 13:11:32 ART


Hi Noble,

Richard mentioned the tcp adjust-mss; that is a solution that can work
if you have Cisco IOS 12.2.4(T) or higher.
In the following link there is some more information.
Under Solution they advise checking whether ICMP is blocked somewhere in the
route.
In most cases the ICMP message telling you what the maximum segment size is
is blocked somewhere.
http://www.cisco.com/en/US/partner/tech/tk827/tk369/technologies_tech_note09186a0080093f1f.shtml
Success, William

________________________________

From: Noble [mailto:noble.ccie@gmail.com]
Sent: Wednesday, 3 May 2006 17:33
To: Beernink, William
Cc: Cisco certification
Subject: Re: IPSec VPN Tunnel not allowing large data transfer

        Hi William,

        How can I set it correctly? Please advise.

        My Cisco router has 2 Ethernet interfaces. One is connected to the
        Internet and the other is connected to the LAN. Both of them are
        currently on MTU 1500.

        If we change the MTU on the interface, will I lose my network
        connectivity? I am actually remotely accessing the router.

        Thanks,

        -Noble

        On 5/3/06, Beernink, William <william.beernink@siemens.com> wrote:

                Hi Noble,

                This is possibly due to an MTU size problem, which is
                not negotiated during TCP setup.
                When the MTU size is not negotiated, both parties think
                they can use 1500.
                When using FTP or mail the DF bit is possibly set.
                Because of that the packets will be dropped because of
                the extra overhead of IPsec.
                (The complete packet will be bigger than 1500 bytes.)

                Regards William

                -----Original Message-----
                From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]
                On Behalf Of Noble
                Sent: Wednesday, 3 May 2006 15:53
                To: Cisco certification
                Subject: OT: IPSec VPN Tunnel not allowing large data transfer

                Hello GS,

                I have a Cisco router connected to a Nortel Contivity box
                and doing an IPSec VPN tunnel.
                I am able to ping / telnet to the other side network
                from the Cisco router side network but unable to send
                large mails / FTP data. I am also able to send small
                mails with a few lines. My mail server and FTP server are
                sitting at the Nortel Contivity side.

                Any direction to resolve this issue will be highly
                appreciated.

                Thanks,

                -Noble
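
Added example (not part of the original thread or any poster's code): a Python sketch of the symptom discussed above, showing why ping and telnet pass while full-size TCP segments with DF set exceed 1500 bytes after ESP tunnel-mode encapsulation, and what MSS would avoid it. The thread does not name the transform set, so 3DES-CBC with HMAC-SHA1-96 and no NAT-T are assumptions, as are the sample packet sizes.

```python
# Added example: ESP tunnel-mode sizing for the MTU problem in this thread.
# Assumed transform (not stated in the thread): 3DES-CBC + HMAC-SHA1-96, no NAT-T.
OUTER_IP = 20      # new IPv4 header added by tunnel mode
ESP_HDR = 8        # SPI + sequence number
ESP_TRAILER = 2    # pad-length + next-header bytes
TCP_IP_HDRS = 40   # IPv4 + TCP headers without options


def esp_packet_size(inner_len, block=8, iv=8, icv=12):
    """On-the-wire size of an inner IP packet after ESP tunnel encapsulation."""
    # Payload plus trailer is padded up to a multiple of the cipher block size.
    pad = -(inner_len + ESP_TRAILER) % block
    return OUTER_IP + ESP_HDR + iv + inner_len + pad + ESP_TRAILER + icv


def fate(inner_len, df_set, path_mtu=1500, **transform):
    """What happens to one packet when the encrypted result meets path_mtu."""
    if esp_packet_size(inner_len, **transform) <= path_mtu:
        return "forwarded"
    # Too big: without DF it can be fragmented. With DF it is dropped, and if
    # the ICMP "fragmentation needed" reply is filtered the sender never adapts.
    return "dropped" if df_set else "fragmented"


def max_mss(path_mtu=1500, **transform):
    """Largest TCP MSS whose full-size segment still fits after encapsulation."""
    inner = path_mtu
    while esp_packet_size(inner, **transform) > path_mtu:
        inner -= 1
    return inner - TCP_IP_HDRS


if __name__ == "__main__":
    # Constructed sample packet sizes (inner IP length in bytes).
    samples = [("telnet keystroke", 41), ("ping", 84), ("full FTP segment", 1500)]
    for label, size in samples:
        outer = esp_packet_size(size)
        print(f"{label:18} inner={size:4} outer={outer:4} -> {fate(size, df_set=True)}")
    print("MSS that fits (3DES/SHA1):   ", max_mss())
    print("MSS that fits (AES-CBC/SHA1):", max_mss(block=16, iv=16))
```

The MSS it prints is the upper bound for this assumed transform; the value given to tcp adjust-mss would be at or below it.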



This archive was generated by hypermail 2.1.4 : Thu Jun 01 2006 - 06:33:20 ART