02-12-2009 02:32 PM
I migrated remote users from MS PPTP to Cisco Client VPN 2 month ago. Eversince this was done, it has been nothing but long lockups, freeze, disconnects and crashing Citrix sessions. Prior to migration, all connections were coming through a PIX 520 to a MS VPN server on the inside. Now, it is an ASA 5520 as a VPN server.
I applied "crypto ipsec df-bit clear outside" but no luck. I also confirmed Client MTU settings are 1300. Internal users have no issues with access Citrix. It is only remote uers started exeperiencing the issue when migrated to Cisco VPN client.
Any ideas?
Thanks,
02-15-2009 12:37 PM
Are you policing or shaping any of the crypto traffic?
02-15-2009 05:31 PM
No, i am not.
I have 45Mbps of internet link burstable to 60M. My daily utilization is close to 30Mbps out and 35Mbps in.
I've applied the "crypto ipsec df-bit clear-df outside" and the default settinsg for "fragment outside/inside before encryption". I will be changing the "syspot connection tcpmss" from 1200 to default 1380, but not sure if the tcpmss is the root casue! However, i will try anything to end this nightmare!
Thanks,
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: