VPN tunnel cannot route one destination/ports more than a minute

ciscotech4u
Level 1

Dear All,

I recently established a VPN tunnel from a Cisco 2800 series router to a VPN concentrator. This is a simple LAN-to-LAN VPN tunnel and I can access servers through the VPN tunnel. So far so good, but I am facing an issue with one destination/server which is hosted on HTTPS. I can access this destination through the VPN tunnel, but within a minute I lose it (but other servers work, which means the VPN tunnel is not down). If I reapply the VPN tunnel (remove the crypto map and apply it again), the server access starts working, but only for less than 1 minute. It's difficult to narrow it down to a server issue, as when the server access stops working, if I try to telnet to the server (port 443) it fails, but if I reapply the VPN tunnel, telnet on port 443 starts working, but for less than 1 minute.

However, more confusing is that telnet always works on this server for port 80, so it means it's not a routing issue.

But on port 443 it works for less than 1 minute, and after resetting the tunnel it starts working, but for 1 minute only...

Any pointers to resolve this issue will be very helpful.

IOS Image : c2800nm-advipservicesk9-mz.124-3a.bin

thanks,KNK

2 Replies

kaachary
Cisco Employee

Sounds like a packet size issue. Lower the TCP MSS on the LAN interface of the router:

int fasteth0
ip tcp adjust-mss 1452
exit

Lower the value by 50 bytes each time, until you see an improvement.

*Please rate if helped.

-Kanishka
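
The step-down procedure in the reply above can be checked against the ESP overhead of the tunnel. This is an added example, not part of the original post; it assumes IPv4 ESP in tunnel mode, no NAT-T or GRE, and a 1500-byte path MTU, and since the thread does not state the transform set, two common ones are used as constructed inputs.

```python
# Added illustration, not from the thread. Assumes IPv4 ESP in tunnel mode,
# no NAT-T or GRE, and a 1500-byte path MTU; the thread does not state the
# transform set, so two common ones are shown as constructed inputs.

OUTER_IP = 20      # new IPv4 header added in tunnel mode
ESP_HDR = 8        # SPI (4) + sequence number (4)
ESP_TRAILER = 2    # pad-length byte + next-header byte
INNER_IP_TCP = 40  # inner IPv4 (20) + TCP (20) headers, no options

# name: (IV length, cipher block size, ICV length), all in bytes
TRANSFORMS = {
    "esp-3des esp-sha-hmac": (8, 8, 12),
    "esp-aes esp-sha-hmac": (16, 16, 12),
}


def max_inner_packet(path_mtu, iv_len, block, icv_len):
    """Largest inner IP packet whose ESP encapsulation fits in path_mtu."""
    room = path_mtu - OUTER_IP - ESP_HDR - iv_len - icv_len
    # inner packet + padding + trailer must fill whole cipher blocks
    encrypted = (room // block) * block
    return encrypted - ESP_TRAILER


def max_mss(path_mtu, transform):
    """Largest TCP MSS that avoids fragmentation for the given transform."""
    iv_len, block, icv_len = TRANSFORMS[transform]
    return max_inner_packet(path_mtu, iv_len, block, icv_len) - INNER_IP_TCP


def step_down(start, step, ceiling):
    """Follow the reply's procedure: lower by `step` until the value fits."""
    tried = [start]
    while tried[-1] > ceiling:
        tried.append(tried[-1] - step)
    return tried


if __name__ == "__main__":
    for name in TRANSFORMS:
        ceiling = max_mss(1500, name)
        print(name, "max MSS", ceiling, "steps", step_down(1452, 50, ceiling))
```

Under these assumptions the starting value of 1452 is above the ceiling for both transforms, which is why the reply's advice to keep lowering it matters.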

Dear Kanishka,

I have reapplied the ACLs and it started working fine, but I got another long-pending issue resolved by your suggestion.

thanks,KNK
