SSL VPN SVC on IOS: one-way communication only

Feb 3rd, 2008

Hi,

I tried to configure SVC on an IOS box (12.4(6)T5) with split tunneling and a loopback interface.

The address pool is from the same subnet (RFC1918) as the loopback interface.

Apparently everything is OK: the SSL VPN client is downloaded, the connection is made, and in the statistics I see traffic, but I'm unable to initiate any TCP connection to the internal LAN.

I have done some packet capturing on the inside LAN: the SYN packet arrives at the destination server and the server responds with a SYN-ACK, but the response never arrives back at the SSL VPN client.

However, I can ping the loopback interface IP.


Any ideas?


Thank You.

Tunnel Statistics:

    Active connections  : 1
    Peak connections    : 1        Peak time         : 00:04:53
    Connect succeed     : 1        Connect failed    : 0
    Reconnect succeed   : 0        Reconnect failed  : 0
    DPD timeout         : 0

    Client                         Server
    in CSTP frames      : 87       out IP pkts       : 83
    in CSTP data        : 83
    in CSTP control     : 4
    in CSTP bytes       : 7900     out IP bytes      : 7159
    out CSTP frames     : 4        in IP pkts        : 0
    out CSTP data       : 0
    out CSTP control    : 4
    out CSTP bytes      : 32       in IP bytes       : 0
erikpotteiger Mon, 04/14/2008 - 10:54

I am having a similar problem with the same setup: IOS router and AnyConnect client.

I can get mine to work for a while. I can access some items, but after time goes by I can only send packets from the client and I never receive anything back.

I thought maybe it is because of fragmentation. I enabled ip tcp mss-adjust 1300 on the VPN interface and it did help. I think it is still fragmenting UDP packets. At this point I can open Outlook 2003 and RDP sessions to Windows Servers, but as soon as I try copying a file using SMB from a Windows Server it stops sending and I lose connection to the VPN. The AnyConnect client still shows as connected and it sends, but it doesn't receive. I think it is because I am experiencing UDP fragmentation.


Did you find a solution or can anyone else help?


Thank you.
