I have a Konica Minolta copier on a VPN that uses a Cisco 501 pix for the tunnel and a windstream 4200 speedstream modem to get to the outside world. it does not matter if I try to access the web interface of the copier or scan to email the operation times out. I can access the web interface from the local subnet but not from a outside subnet on the VPN. The copier IP address is on the private tunnel. I ran a wireshark capture and found that I am getting IMCP destination unreachable Fragmentation needed errors. We know that the copier starts to send data to the mail server and then hangs up when the copier starts to send the scan data. The ICMP errors are coming from the Public IP address of the PIX and not through the private tunnel. My theory is that since the ICMP errors are coming from the public IP address and not through the Private tunnel, the copier never sees them and it just keeps trying to send the same over size packets over and over until it times out. Does anyone know how to correct this so the copier can receive these packets from the private tunnel so it can resend smaller packets upon request.
The MTU packet size on the copier cannot be changed. I have attached a screen shot of the packet error.
copier is 10..3.34.20, 255.255.255, 10,3.34.1
mail server 184.108.40.206
PIX public address is 220.127.116.11