IPSEC tunnel over DSL traffic dropped or stripped

Unanswered Question
Feb 15th, 2007

I have an IPSEC between a pix 506 and an ASA5510. The tunnel is over DSL links and there is a problem with traffic not going through correctly. Initially I was trying to get a server remotely to join the domain across the VPN but this was timing out. I adjusted the MTU on the outside interfaces of the firewall to 1360 so that the IPSEC SA would negotiate 1360 MTU and this then enabled the server to join the domain but I am still experiencing problems where traffic appears to be dropping or packets getting stripped. I have tried to implement Exindas between the two sites to accelerate the traffic but initially these couldn't even talk to each other until I modified the MTU as above. The PIX 506 terminate the DSL line using PPPoE and at the remote site there is an 877 that terminates the line and then connects to the ASA.

I have also tried to use DES as apposed to AES but this has not effect.

Any ideas or thought most appreciated!

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
davidbuit Thu, 02/15/2007 - 17:21

Further to this, I have tried to use ip tcp adjust-mss on the VLAN interface on the 877 but as this is after the tunnel it has no effect.



This Discussion