Hi folks -
I recently had an issue with two sites that had a site-2-site VPN tunnel between them. One site was hosting all the application servers (let's call this site A). All clients at site B (second site) were able to ping servers at site A using both the IP address and the DNS name. However, applications such as SAP and Outlook would not connect to the servers, even though ping was working fine. On some workstations, applications were working fine and on some, applications were not working fine. All workstations were running Windows XP SP2.
I entered the following command on the router at site B. The router was the VPN endpoint. After entering this command, all workstations were able to connect to the applications successfully.
crypto ipsec df-bit clear
I believe this command clears the df bit setting from the client and allows the router to defragment the packet if needed. However, why were some clients able to connect to the applications and others not, even though they were running the same OS with the same Service Pack?
Would appreciate your thoughts.