VPN site to site double encryption problems

Unanswered Question
Jul 17th, 2004

I want to implement double encryption between two sites.

PIX-Router-Router-PIX

@ ********** @

@@@@@@@@@@@@@@@@@@|

The first tunnel is between two pix 501. Using AES. Everything works fine. Now I add IPsec 3des tunnel between the two routers.

Both tunnel are established.

The problem some application works fine but other not. As example telnet works but SAP gui not.

I use mtu 1400.

There aren’t any error messages in the pix.

In the router i receive the following message:

IPsec (encapsulate) error in encapsulation

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
ehirsel Sun, 07/18/2004 - 18:42

On what device did you adjust the mtu size to 1400 on? The pix or the router? Did you alsomake an adjustment on the tcpmss max size sysopt option on the pix (i.e., instead of using 1380, did you use 1280) - I believe that this needs done even if the mtu of 1400 was set on the pix-to-router interface?

On what router did you receive the error message, the left or the right router, or both - (using your topology diagream)?

doron_dd2 Wed, 11/10/2004 - 01:14

hi

we did the MTU changes in all PIX interface + router.

i change tcpmss max size to 1280 as well.

no change. some aplication like FTP works fine but SAP GUI dont work.

any idea ?

Actions

Login or Register to take actions

This Discussion

Posted July 17, 2004 at 12:24 AM
Stats:
Replies:2 Overall Rating:
Views:348 Votes:0
Shares:0
Tags: No tags.
 

Discussions Leaderboard

Rank Username Points
1
Federico Coto F...
1,913
2
Jouni Forss
1,876
3
Marvin Rhoads
1,595
4
Karsten Iwen
1,109
5
Jon Marshall
683
Rank Username Points
Jon Marshall
145
rizwanr74
77
Karsten Iwen
46
Marvin Rhoads
20
antondaneyko
10