RE: GRE over IPSEC VPN MTU issue.....

From: Biggs, Jeff (M/CIO/BIE) (JBiggs@usaid.gov)
Date: Tue Jul 24 2007 - 12:36:28 ART


Disregard, we found the problem is something on the destination FTP server. Our wonderful LAN Support team made some changes to the GPO without letting us (network team) know.

AHHHHHHHH!!!!

Thanks all!!!!

Jeffrey Biggs
Sr. Network Engineer
M/CIO/BIE
CCNP, CCDA
240-646-5003
jbiggs@usaid.gov
 
This e-mail is intended for the addressee only. If you are not the intended recipient, please be aware that the unauthorised use or disclosure of the information it contains, or the unauthorised copying or re-transmission of the e-mail are strictly prohibited. Such action may result in legal proceedings. If the e-mail has been sent to you in error, please accept our apologies, advise the sender as soon as possible and then delete the message. Under the Freedom of Information Act 2000 / Data Protection Act 1998, the contents of this e-mail, whether it is marked confidential or otherwise, may be disclosed.

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Biggs, Jeff (M/CIO/BIE)
Sent: Tuesday, July 24, 2007 9:39 AM
To: ccielab@groupstudy.com
Subject: GRE over IPSEC VPN MTU issue.....

We are testing a solution that we already have in place on a different
vendor, but testing with a new firewall set (Juniper Netscreens).
Anyway, we are running GRE over IPSEC for routing purposes over our
VPNs and for some reason with the new solution, the MTU is not
negotiating down (we are clearing the DF BIT, so PMTUD is not an issue
here) to the 1420 MTU I have set on the GRE Tunnels.

Also it seems that from one network, we have no issues RDP'ing or
FTP'ing but from another it fails. This seems like a rule base issue,
but I don't control the firewall, so I am "relying" on the firewall team
to make sure it is not.

Anyone have any ideas to test this? I know about the ip tcp mss-adjust
command, but the current solution doesn't require this, so I want to try
and avoid it if possible.

Anyone seen something like this before or have any ideas for direction?

Thanks,

Jeffrey Biggs
Sr. Network Engineer
M/CIO/BIE
CCNP, CCDA
240-646-5003
jbiggs@usaid.gov




This archive was generated by hypermail 2.1.4 : Sat Aug 18 2007 - 08:17:41 ART