×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Can't FTP through VPN Tunnel

Unanswered Question
Mar 24th, 2003
User Badges:

Hi,

I have created a VPN tunnel from site A with 827 router to site B with a VPN 3030 concentrator. There is a telnet\ftp server on Site B's network, which happens to be the same server. I am able to telnet and access web servers

from site A to site B with no problem. I am also able to ftp from site B to site A

with no problem. However, I am NOT able to ftp from site A to site B and I get

a "unknown error number" message.

I do have a filter on the VPN 3030 to allow all tcp and udp ports from and to the destination.



Does anyone have any suggestions to fix this problem?


Thank you in advance for your help!

Paula


Paula

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
afakhan Mon, 03/24/2003 - 16:35
User Badges:
  • Bronze, 100 points or more

Hi,


you can try configuring a lower MTU value on the FTP server, like 1200B.


or you can do ping tests, ping -l nnnn -f to know the optimal value.


Thx

Afaq

paulawong Mon, 03/24/2003 - 16:40
User Badges:

HI Afaq,


I did the ping test as you suggested I got a reply with bytes=0 four times,

which looks unnormal. As for changing the MTU value on the FTP,

this is our VMS system and I do not have the rights nor would I want to

change a production box.


I am not sure if that bytes=0 number is really accurate..or what is it tell me ?


Thank you for your response.


Paula :)

carlton.patterson Tue, 03/25/2003 - 08:03
User Badges:

The problem to me sounds like a fragmentation problem. The session gets connected, but when you try to transfer the file, it does not work. The concentrator, in 3.6 code has fragmentation built into it, so when you are downloading from the side that has the concentrator, the packets are getting fragmented as they come from the concentrator's LAN to the 827's LAN, therefore, there is not a problem. The 827 however does not have fragmentation enabled by default, therefore, when you try to sit on the concentrator's network and download a file so that it comes from the 827's side across to the concentrator's side, the packets get discareded because the MTU is too big for the tunnel.

This can be fixed using a route map. Let me know if you need to know how to strip off the DF bit so that the packets can then be fragmented.

paulawong Tue, 03/25/2003 - 16:51
User Badges:

Thank you for responding.


The problem occurs before any file transferring. I can't even

ftp into the server. I get a connection error like it can't find

this ftp server. I've tried to telnet into port 21 (simulating a

ftp connection by using telnet) and I was able to get the

ftp server's prompt. So it appears to connect to port 21.

However, if I try to ftp into that box, I get the error.


Any other suggestions?


Paula

Actions

This Discussion