09-07-2008 10:57 PM
Hi
I encountered a issue when I tried to setup the VPN between the ASA 5505 (version 8.0) and PIX 515E (version 6.3). The VPN can up and running. From the PC in remote site, it can get the IP from DHCP server in central site through the VPN tunnel, and the ping the DNS are all working correctly. But all applications (email, critrix) are not working fine. Attached are the configurations. Do you have any ideas about this issue?
Thanks. Leo
09-08-2008 10:40 AM
Hello Leo,
If the PING is working then this could be a fragmentation issue . IPsec adds its own header to normal application data packets and this could lead packet size more than 1500 bytes.
Try to adjust TCP MSS value on VPN end devices (Both PIX and ASA in your case)
Try to adjust TCP MSS value on PIX. For ASA check the following link.
sysopt connection tcp-mss MSS_size_in_bytes
example : sysopt connection tcp-mss 1360
You can also find the exact size for your connection using extended ping utility from your workstation as explained in following link .
For PIX and router( as vpn end devices) use following link
For ASA
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00804c8b9f.shtml
HTH
Saju
Please rate if it helps
09-08-2008 04:53 PM
Thanks for your reply. I will try and let you know the result.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: