IPsec Tunnel Private-to-Private network just goes one way

istvanhoka · ‎04-04-2008

Hi there!

First time Cisco setup for me, trying to setup a VPN between headquarters (peer 100.1.1.1, internal network 192.168.2.*) and a branch office (peer 200.1.1.1, internal network 192.168.1.*).

I followed this guide (minus the static NAT): http://cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080094634.shtml.

What works:

- pings work either way;

- http works either way;

- windows file sharing works either way;

What does not work:

- remote desktop works going from headquarters to branch office but not viceversa;

- ftp works only from headquarters to branch office but not viceversa.

Router configuration for both offices is attached. Any help is greatly appreciated. IPs are changed for security.

Jon Marshall · ‎04-04-2008

This sounds like an MTU issue. Please see the attached doc which discusses the issue and has workarounds.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008081e621.shtml

Jon

istvanhoka · ‎04-07-2008

After reading the suggested doc about fragmentation, I adjusted the both the MTU and TCP MSS to 1300. There was no change in the behaviour.

I am attaching the updated configurations.