837 VPn works but 877 has problems

Unanswered Question
Oct 4th, 2007

This is one for the experts :)

I have a site to site between 2 offices on an ADSL line. It's a Cisco 837 to a Cisco concentrator. I put the network in a few months back and it's all working fine, but I want to put an 877 in as the CPU on the 837 is always around 90%.

I put the 877 in yesterday but quickly took it off as some users could not get onto Outlook or Citrix etc, eventhough they could ping all servers by IP and DNS!! When I look in the Event logs of the Windows XP PC's then it says the PC couldn't contact the domain, however I can ping the domain controllers and the domain name itself.

Strange thing is one of the users was fine. The 877 just plugs into a 24 port switch.

I have the configs to attach if you would like to help me, there are slight differences, but you can tell me if it would cause a problem.

I have just put my laptop into the router on my ADSL line and it works fine, is there some sort of overload when more users are on it, not sure if there is any debugging commands I could try.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
aacole Thu, 10/11/2007 - 11:04

The different hardware shouldnt cause an issue, and I'd expect the config from one to work on the other if they are running the same IOS versions.

Based on a similar issue I had sometime ago I'd suspect an MTU issue, this stopped exchange working for me even though the VPN l2l link supported telnet etc.

I resolved it by using the TCP MSS adjust command, but cannot remember the exact syntax. It was applied to one of the non encrypted lan ports.

whiteford Thu, 10/11/2007 - 11:37

I'm not sure what interface I should put that on, dialer 1, atm 0, vlan 1, or on fast ethernet 1 which connects to the office switch. Not sure what the mtu should be set to either as I'm not experienced enough.

aacole Mon, 10/15/2007 - 07:24

Put it on Fe1, so that any traffic that goes across that interface will be processed.

if your still having problems, as its a long shot that this may resolve the problem, post up your configurations, may be able to spot the problem.

Set the MSS value to 1380 should be low enough.

whiteford Mon, 10/15/2007 - 08:34

When live with it today and all users are happy. Although I haven't out anything into the vlan 1 or on the fast ethernet port for the mtu, should I still add this?

Actions

This Discussion