ASA 5505 8.0 issue

Unanswered Question
Sep 7th, 2008

Hi


I encountered an issue when I tried to set up the VPN between the ASA 5505 (version 8.0) and PIX 515E (version 6.3). The VPN is up and running. The PC in the remote site can get an IP from the DHCP server in the central site through the VPN tunnel, and pinging the DNS works correctly. But all applications (email, Citrix) are not working fine. Attached are the configurations. Do you have any ideas about this issue?


Thanks. Leo



singhsaju Mon, 09/08/2008 - 10:40

Hello Leo,


If the PING is working then this could be a fragmentation issue. IPsec adds its own header to normal application data packets, and this could lead to a packet size of more than 1500 bytes.


Try to adjust the TCP MSS value on the VPN end devices (both PIX and ASA in your case).


Try to adjust TCP MSS value on PIX. For ASA check the following link.


sysopt connection tcp-mss MSS_size_in_bytes

Example: sysopt connection tcp-mss 1360


You can also find the exact size for your connection using the extended ping utility from your workstation, as explained in the following link.

For PIX and router (as VPN end devices) use the following link

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008081e621.shtml#Issues


For ASA

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00804c8b9f.shtml


HTH

Saju

Please rate if it helps
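
The size arithmetic behind the reply above, as an added example that is not part of the original post or Cisco's documentation: it shows why a small ping passes through the tunnel while a full-size TCP segment exceeds 1500 bytes, and what MSS still fits. The transform sets (3DES or AES in CBC mode with a 96-bit HMAC), the 1500-byte path MTU and all function names are assumptions, since the attached configurations are not shown in the thread.

```python
# Added example: ESP tunnel-mode size arithmetic (RFC 4303 packet layout).
# Assumed transform sets; the thread does not show the real configurations.
IP_HDR, TCP_HDR, ICMP_HDR, UDP_HDR = 20, 20, 8, 8
ESP_HDR = 8        # SPI + sequence number
ESP_TRAILER = 2    # pad-length byte + next-header byte
ICV = 12           # HMAC-SHA1-96 / HMAC-MD5-96 truncated tag

# cipher name -> (IV bytes, block size in bytes), CBC mode
CIPHERS = {"3des": (8, 8), "aes": (16, 16)}


def esp_packet_size(inner_len, cipher="3des", nat_t=False):
    """On-the-wire size of an inner IP packet after ESP tunnel encapsulation."""
    iv, block = CIPHERS[cipher]
    # Inner packet plus trailer is padded up to a whole cipher block.
    encrypted = -(-(inner_len + ESP_TRAILER) // block) * block
    return IP_HDR + (UDP_HDR if nat_t else 0) + ESP_HDR + iv + encrypted + ICV


def max_tcp_mss(mtu=1500, cipher="3des", nat_t=False):
    """Largest TCP MSS whose encapsulated segment still fits in `mtu`."""
    iv, block = CIPHERS[cipher]
    room = mtu - IP_HDR - (UDP_HDR if nat_t else 0) - ESP_HDR - iv - ICV
    inner = (room // block) * block - ESP_TRAILER
    return inner - IP_HDR - TCP_HDR


def fragments(mss, mtu=1500, cipher="3des", nat_t=False):
    """True if a full-size TCP segment at this MSS exceeds the path MTU."""
    return esp_packet_size(mss + IP_HDR + TCP_HDR, cipher, nat_t) > mtu


if __name__ == "__main__":
    ping = IP_HDR + ICMP_HDR + 32      # constructed: 32-byte echo payload
    print("ping on the wire:", esp_packet_size(ping), "bytes")
    for mss in (1460, 1360):           # Ethernet default vs. the 1360 in the post
        state = "fragments" if fragments(mss) else "fits"
        print("MSS", mss, state, esp_packet_size(mss + IP_HDR + TCP_HDR))
    for cipher in CIPHERS:
        for nat_t in (False, True):
            label = "NAT-T" if nat_t else "plain ESP"
            print(cipher, label, "max MSS", max_tcp_mss(1500, cipher, nat_t))
```
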

xzjleo2005 Mon, 09/08/2008 - 16:53

Thanks for your reply. I will try and let you know the result.
