cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
349
Views
0
Helpful
2
Replies

ASA 5505 8.0 issue

xzjleo2005
Level 1
Level 1

Hi

I encountered a issue when I tried to setup the VPN between the ASA 5505 (version 8.0) and PIX 515E (version 6.3). The VPN can up and running. From the PC in remote site, it can get the IP from DHCP server in central site through the VPN tunnel, and the ping the DNS are all working correctly. But all applications (email, critrix) are not working fine. Attached are the configurations. Do you have any ideas about this issue?

Thanks. Leo

2 Replies 2

singhsaju
Level 4
Level 4

Hello Leo,

If the PING is working then this could be a fragmentation issue . IPsec adds its own header to normal application data packets and this could lead packet size more than 1500 bytes.

Try to adjust TCP MSS value on VPN end devices (Both PIX and ASA in your case)

Try to adjust TCP MSS value on PIX. For ASA check the following link.

sysopt connection tcp-mss MSS_size_in_bytes

example : sysopt connection tcp-mss 1360

You can also find the exact size for your connection using extended ping utility from your workstation as explained in following link .

For PIX and router( as vpn end devices) use following link

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008081e621.shtml#Issues

For ASA

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00804c8b9f.shtml

HTH

Saju

Please rate if it helps

Thanks for your reply. I will try and let you know the result.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: