Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1004
Views
0
Helpful
4
Replies

Can't FTP through VPN Tunnel

paulawong
Level 1
Level 1

‎03-24-2003 12:08 PM - edited ‎02-21-2020 12:26 PM

Hi,

I have created a VPN tunnel from site A with 827 router to site B with a VPN 3030 concentrator. There is a telnet\ftp server on Site B's network, which happens to be the same server. I am able to telnet and access web servers

from site A to site B with no problem. I am also able to ftp from site B to site A

with no problem. However, I am NOT able to ftp from site A to site B and I get

a "unknown error number" message.

I do have a filter on the VPN 3030 to allow all tcp and udp ports from and to the destination.

Does anyone have any suggestions to fix this problem?

Thank you in advance for your help!

Paula

Paula

Labels:
0 Helpful
4 Replies 4

afakhan
Level 4
Level 4

‎03-24-2003 04:35 PM

Hi,

you can try configuring a lower MTU value on the FTP server, like 1200B.

or you can do ping tests, ping -l nnnn -f to know the optimal value.

Thx

Afaq

0 Helpful

paulawong
Level 1
Level 1
In response to afakhan

‎03-24-2003 04:40 PM

HI Afaq,

I did the ping test as you suggested I got a reply with bytes=0 four times,

which looks unnormal. As for changing the MTU value on the FTP,

this is our VMS system and I do not have the rights nor would I want to

change a production box.

I am not sure if that bytes=0 number is really accurate..or what is it tell me ?

Thank you for your response.

Paula :)

0 Helpful

carlton.patterson
Level 1
Level 1

‎03-25-2003 08:03 AM

The problem to me sounds like a fragmentation problem. The session gets connected, but when you try to transfer the file, it does not work. The concentrator, in 3.6 code has fragmentation built into it, so when you are downloading from the side that has the concentrator, the packets are getting fragmented as they come from the concentrator's LAN to the 827's LAN, therefore, there is not a problem. The 827 however does not have fragmentation enabled by default, therefore, when you try to sit on the concentrator's network and download a file so that it comes from the 827's side across to the concentrator's side, the packets get discareded because the MTU is too big for the tunnel.

This can be fixed using a route map. Let me know if you need to know how to strip off the DF bit so that the packets can then be fragmented.

0 Helpful

paulawong
Level 1
Level 1
In response to carlton.patterson

‎03-25-2003 04:51 PM

Thank you for responding.

The problem occurs before any file transferring. I can't even

ftp into the server. I get a connection error like it can't find

this ftp server. I've tried to telnet into port 21 (simulating a

ftp connection by using telnet) and I was able to get the

ftp server's prompt. So it appears to connect to port 21.

However, if I try to ftp into that box, I get the error.

Any other suggestions?

Paula

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents