Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
380
Views
0
Helpful
2
Replies

MS Outlook Issues with VPN 3.5 Client and 3005

rtivnan
Level 1
Level 1

‎06-11-2002 08:23 AM - edited ‎02-21-2020 11:47 AM

My setup is the following: I have a 3005 concentrator which I recently upgrade the flash image to vpn3005-3.5.3.Rel-k9.bin. in order to support the IPSec over TCP addition (as alot of my remote users have Linksys routers doing NAT). I upgraded my clients with a mixture of version 3.5.1, 3.5.2, and 3.5.3

I'm noticing the following issues since then:

After upgrading the image on the 3005, my main user group could not connect. After changing the IPSec SA from ESP-3DES-MD5 to ESP/IKE-3DES/MD5, it worked. Since then, the following issues are taking place.

Whenever users are in MS Outlook we have a variety of things happen:

If anyone tries to attach a doc to an outgoing piece of mail, their machine hangs and eventually the IPSec connection is terminated ?

Sometimes, even just reading email in Outlook causes lose of connection.

Why did I have to change the IPSec SA method to get it to function again ?

Labels:
0 Helpful
2 Replies 2

ciscomoderator
Community Manager
Community Manager

‎06-17-2002 11:58 AM

Since there has been no response to your post, it appears to be either too complex or too rare an issue for other forum members to assist you. If you don't get a suitable response to your post, you may wish to review our resources at the online Technical Assistance Center (http://www.cisco.com/tac) or speak with a TAC engineer. You can open a TAC case online at http://www.cisco.com/tac/caseopen

If anyone else in the forum has some advice, please reply to this thread.

Thank you for posting.

0 Helpful

BruceD.Brown
Level 1
Level 1

‎06-17-2002 01:05 PM

Not sure if this is your fix, (and you may have already tried this), but the article I read on the TAC web site a few minutes ago (I think it was a V3.5.1 release notes doc), suggested that when this happens, decrease the MTU until this works correctly. Apparently MS Outlook sends a lot of data at initial connection, as well as when you send a large doc or attachment, and with a high MTU value set, it has to fragment the packet (due to encryption & other packet overhead), which causes retransmits, which hurts the performance, which could prevent the keepalives and dead peer detection packets from getting through.

Give this a try, it's easy enough to do. There was info in that article on exactly how to do this. Most clients have the "Set MTU" application listed next to the log viewer & dialer under start, programs. Hope this helps - Bruce

0 Helpful
Customers Also Viewed These Support Documents