Strange Issue

Unanswered Question
May 23rd, 2007
User Badges:

Well, the cisco vpn client is connected, i can ping my far end and can download/upload file less than 6MB. Whenever I try to download files larger than 6MB, download start but it ends up with the error network path no longer, while the vpn connection is quite fine. This is an interesting case..


I know there are some mss/mtu tweaks which i already have tried, our remote end far away there are 15 to 20 hops ...where i should make mss/mtu changes?


What do you suggest, what could be wrong?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
ggilbert Thu, 05/24/2007 - 03:19
User Badges:
  • Cisco Employee,

Hello,


What is the remote end site? Is it a PIX or an ASA or a router.


If it is a router, would it be possible to implement the command "crypto ipsec df-bit clear" on the global or interface level. See if that makes a difference.


From the client side, can you ping the server with an MTU of 1350.


command would be : ping ipaddress -l 1350


If you get a response, increase the setting by increments of 5. i.e 1355, 1360, etc...see where it fails. If you do not get a response at one point, go back to the previous MTU setting then increase it by increments of 1 or 2, see where it fails and get the MTU where it works.


Set it on the client and see if that makes a difference.


On the head end side, take a sniffer capture and see where it fails. Sniffers would help you out.


Hope this helps.


Cheers

Gilbert

Actions

This Discussion