I have set up vpn remote tunnel from xp sp2 with easyvpn client to an asa 5510 head. The connection works from cable remotes, but not over a gprs connection.
Since ping works, I assumed it might be MTU related so I kept decreasing the mtu on both the gprs network interface and on that of the easyvpn. However, nothing happened (I got as low as MTU 500).
Our service provider uses private addresses so nat-t is set. the client connects, asks for the username with xauth, the connection seems to establish, but the tcp connections usually stop at SYN/ACK or ACK.
On the out1 IF of the head pre-fragmentation is enabled and DF bit is set to clear. I was thinking about decreasing the mtu on the out1 interface, but since the device is localted at a data center and is serving traffic on the same outside inferface, I was afraid that lowering the mtu on the out1 would result in slower transfers / higher cpu utilization of the fw.
What else should I try?
Any help is greatly appreciated.