VPN site to site double encryption problems

Jul 17th, 2004

I want to implement double encryption between two sites.




The first tunnel is between two PIX 501s, using AES. Everything works fine. Now I add an IPsec 3DES tunnel between the two routers.

Both tunnels are established.

The problem is that some applications work fine but others do not. For example, telnet works but SAP GUI does not.

I use MTU 1400.

There aren't any error messages on the PIX.

On the router I receive the following message:

IPsec (encapsulate) error in encapsulation

ehirsel Sun, 07/18/2004 - 18:42

On what device did you adjust the MTU size to 1400? The PIX or the router? Did you also make an adjustment to the tcpmss max size sysopt option on the PIX (i.e., instead of using 1380, did you use 1280)? I believe that this needs to be done even if the MTU of 1400 was set on the PIX-to-router interface.

On what router did you receive the error message, the left or the right router, or both (using your topology diagram)?

doron_dd2 Wed, 11/10/2004 - 01:14
We did the MTU changes on all PIX interfaces + router.

I changed the tcpmss max size to 1280 as well.

No change. Some applications like FTP work fine but SAP GUI doesn't work.

Any idea?
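
Added example, not part of the original thread: a small calculator for how much two nested ESP tunnels grow a packet, applied to the MTU 1400 and MSS 1280 values discussed above. It assumes both tunnels are ESP in tunnel mode with CBC ciphers and a 96-bit HMAC ICV, no NAT-T, the router 3DES tunnel wrapping the PIX AES tunnel, and a 1500-byte link between the routers; none of these details are stated in the posts.

```python
"""ESP tunnel-mode size arithmetic for nested (double) IPsec encryption."""

IP_HDR = 20        # outer IPv4 header without options
ESP_HDR = 8        # SPI (4 bytes) + sequence number (4 bytes)
ESP_TRAILER = 2    # pad-length byte + next-header byte
TCP_IP_HDRS = 40   # inner IPv4 (20) + TCP (20), no options

# transform -> (cipher block size, IV size, ICV size)
# ICV of 12 bytes is an assumption: HMAC-SHA1-96 or HMAC-MD5-96 authentication.
TRANSFORMS = {
    "aes-cbc": (16, 16, 12),
    "3des-cbc": (8, 8, 12),
}

# Assumed nesting order: PIX AES tunnel inside, router 3DES tunnel outside.
LAYERS = ("aes-cbc", "3des-cbc")


def esp_tunnel_size(inner_len, transform):
    """Size of the outer IP packet after one ESP tunnel-mode encapsulation."""
    block, iv, icv = TRANSFORMS[transform]
    # Payload plus trailer is padded up to a whole number of cipher blocks.
    padded = -(-(inner_len + ESP_TRAILER) // block) * block
    return IP_HDR + ESP_HDR + iv + padded + icv


def nested_size(inner_len, layers=LAYERS):
    """Packet size on the wire after every layer, innermost first."""
    size = inner_len
    for transform in layers:
        size = esp_tunnel_size(size, transform)
    return size


def max_inner_packet(link_mtu, layers=LAYERS):
    """Largest cleartext IP packet that still fits link_mtu unfragmented."""
    for candidate in range(link_mtu, 0, -1):
        if nested_size(candidate, layers) <= link_mtu:
            return candidate
    return 0


def max_tcp_mss(link_mtu, layers=LAYERS):
    """Largest TCP MSS whose full-size segments survive both tunnels."""
    return max_inner_packet(link_mtu, layers) - TCP_IP_HDRS


if __name__ == "__main__":
    print("1400-byte packet after both tunnels:", nested_size(1400))
    print("MSS 1280 segment after both tunnels:", nested_size(1280 + TCP_IP_HDRS))
    print("largest inner packet for a 1500 link:", max_inner_packet(1500))
    print("largest TCP MSS for a 1500 link:", max_tcp_mss(1500))
```

Under these assumptions a full 1400-byte packet exceeds a 1500-byte link after the second encapsulation, while segments clamped to an MSS of 1280 fit; non-TCP traffic and packets sent with the DF bit set are not helped by MSS clamping.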

