We have two Cisco 1811 routers configured to establish an IPSEC VPN with each other. The VPN connection establishes just fine, and we are able to ping across the tunnel, however, applications like RDP or joining a domain fail to work properly. We have ruled out duplex mismatches and other common problems. One really interesting twist is that we can connect a laptop to the network and it will work just fine. However the desktop PC's are failing to work. We have tried swapping out NIC cards and other devices without any success. We even reformatted a PC completely to eliminate the computers.
Today we upgraded the IOS on both routers to 12.4(15)T3 hoping that would resolve the issue, but it has not.
I've attached the configs from both routers and also a packet dump that was taken while a PC (192.168.25.17) was trying to RDP to a server (192.168.24.200) across the tunnel. I am seeing a lot of duplicate packets, but I can't make complete sense of it.
Has anyone else seen this before? Are we missing something obvious here?
try clearing the df-bit and also setting a tcp mss value on the lan facing interface. you can zero down on the mss vlaue by doing an extended ping,
ping x.x.x.x -l 1400 -f
keep on reducing the value after -l till you get a successful reply.
subtract 60 from this value and apply this as the mss value on the lan facing interface with the help of ip tcp adjust-mss command.