File Copy issue over IPSEC Tunnel

Unanswered Question
Jul 22nd, 2008

Hello-

I have a LAN-to-LAN VPN in place. I have a Cisco 3030 on one side and a Cisco 3020 on the other side. If I try to copy file bigger then 10mb over this VPN tunnel from one Windows server to another Windows server it fails after a while and says "network name is no longer available".

During my failed copy attempts, I started a continuous ping from server A to server B and I do not drop one single packet. The VPN tunnel is up at all times and I see packets encrypting and decrypting. I also see no errors on either Concentrators log and both are running the latest code. Any help would be greatly appreciated.

Thanks in advance.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
hadbou Mon, 07/28/2008 - 10:11

Add the command to both the routers 3020 and 3030 at the end of the tunnel which may solve the issue you are facing.To adjust the maximum segment size (MSS) value of TCP SYN packets going through a router, use the ip tcp adjust-mss command in interface configuration mode. To return the MSS value to the default setting, use the no form of this command.

I agree with hadbou, but you don't actually need to add it on both sides, as only one side needs to see the transient TCP packets, but first you must see what MSS is being negotiated in the TCP handshake. use wireshark and capture the session - once you know what MSS is being negotiated, you actually need to see what the optimum MTU should be - use mturoute (google it)

Then choose the mss that will work for you.

HTH>

Actions

This Discussion