one application problem with site2site vpn

Oct 28th, 2009


We have a hub-and-spoke MPLS network connecting HO to remote sites.

In each site, one Cisco router (3800 in HO and 1800 in remote) connects the LAN to the MPLS network.

We activated IPsec between these routers.

It was working fine for some period, then one day, one Oracle application began to hang. All other applications are working fine. We can also ping this server from everywhere.

If we remove the crypto map, the Oracle application works correctly.

Using a sniffer, we can see that the connection is established correctly. Then, during data transfer, the client says it is waiting for sequence nbr 1234 (for example). On the server side we can see that the server has sent this seq., but the client did not receive it.

So why does the HO router fail to send these TCP sequences correctly?

Any idea?


Collin Clark Thu, 10/29/2009 - 07:52

Have you checked your MTUs? Oracle could be fussy about fragmented packets.

ohassairi Sat, 10/31/2009 - 22:19

Hi Collin,

I also feel it is related to an MTU issue, but I have no idea how to troubleshoot this kind of problem.

Should I configure a new MTU, and how do I find the best value?


ohassairi Sun, 11/01/2009 - 22:48

Indeed, I found the router needs to fragment the packet but DF is set. So, using a route map, I set DF = 0.

And that solved the problem.
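The size arithmetic behind the MTU question in this thread, as an added example that is not part of any poster's reply: it computes how large a packet becomes after ESP tunnel-mode encapsulation and the largest inner packet and TCP MSS that still fit the path MTU. The thread does not state the transform set or path MTU, so IPv4, AES-CBC or 3DES-CBC with a 96-bit HMAC, no NAT-T and a 1500-byte path MTU are assumptions, and all function names are hypothetical.

```python
# Added example: ESP tunnel-mode size arithmetic. All parameters are assumptions,
# since the thread does not give the transform set or the MPLS path MTU.
OUTER_IP = 20     # new IPv4 header added by tunnel mode (no options)
ESP_HDR = 8       # SPI (4 bytes) + sequence number (4 bytes)
ESP_TRAILER = 2   # pad-length byte + next-header byte
ICV = 12          # truncated 96-bit HMAC (HMAC-SHA1-96 or HMAC-MD5-96)

# cipher name -> (block size, IV size) in bytes
CIPHERS = {"aes-cbc": (16, 16), "3des-cbc": (8, 8)}


def esp_packet_size(inner_len, cipher="aes-cbc"):
    """On-the-wire size of an inner IPv4 packet after ESP tunnel-mode encapsulation."""
    block, iv = CIPHERS[cipher]
    # Inner packet plus trailer is padded up to a multiple of the cipher block size.
    padded = -(-(inner_len + ESP_TRAILER) // block) * block
    return OUTER_IP + ESP_HDR + iv + padded + ICV


def max_inner_packet(path_mtu=1500, cipher="aes-cbc"):
    """Largest inner IPv4 packet whose encrypted form still fits in path_mtu."""
    block, iv = CIPHERS[cipher]
    room = path_mtu - OUTER_IP - ESP_HDR - iv - ICV
    return (room // block) * block - ESP_TRAILER


def max_tcp_mss(path_mtu=1500, cipher="aes-cbc"):
    """TCP MSS that keeps full-size segments under the limit (20 IP + 20 TCP, no options)."""
    return max_inner_packet(path_mtu, cipher) - 40


def outcome(inner_len, df_set, path_mtu=1500, cipher="aes-cbc"):
    """Simplified model of what the encrypting router does with one packet."""
    if esp_packet_size(inner_len, cipher) <= path_mtu:
        return "forwarded"
    # Too big after encapsulation: with DF set the router cannot fragment it.
    return "dropped, DF set" if df_set else "fragmented"


if __name__ == "__main__":
    # Constructed sample: a full 1500-byte segment versus a small handshake packet.
    for size in (60, 1438, 1439, 1500):
        print(size, esp_packet_size(size), outcome(size, df_set=True),
              "/", outcome(size, df_set=False))
    print("max inner packet:", max_inner_packet(), "max TCP MSS:", max_tcp_mss())
```

Small packets such as the TCP handshake pass under either DF setting, while full-size data segments only pass once DF is cleared or the end hosts send smaller segments, which matches the symptom described in the first post.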

