
831/3005 Problem

Hello, I have an 831 VPN user who has just changed ISPs from Comcast to Verizon. Her new connection comes up and the VPN connection looks good on our 3005 concentrator. Her 7960 IP Phone works fine but none of her Windows PCs seem to work correctly. The PCs take forever to boot up and once they do, they cannot browse the network and connect to M$ Exchange. IP pings work fine as well as the IP Phone. Nothing on the VPN has changed except now the connection is NAT-T. I have other 831 users that are working fine with NAT-T.

I did not run the SDM Security function on this router.

Any ideas?

Thanks, HARRY


Re: 831/3005 Problem

It looks like an MSS and fragmentation problem. You can test it by doing pings with fixed-size packets and with the DF bit set. Generally, using ip tcp mss-adjust on the inside interface on both sides of the tunnel (setting it to about 1380) should help. I also use crypto ipsec df-clear so that the DF bit is removed if any of the hosts attempts to set it.
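Added example, not part of the original thread: a script that automates the DF-bit ping test described in the reply above by binary-searching the largest echo payload that crosses the tunnel unfragmented, then deriving the TCP MSS that fits. The function names and the target address 192.0.2.10 are assumptions made for this example; the ping options are those of Linux iputils and Windows ping.

```python
import platform
import subprocess
import sys

IP_ICMP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP echo header
IP_TCP_OVERHEAD = 40   # 20-byte IPv4 header + 20-byte TCP header, no options


def ping_df(host, payload, timeout_s=2):
    """Send one echo request of `payload` bytes with DF set; True if a reply arrived."""
    if platform.system() == "Windows":
        cmd = ["ping", "-n", "1", "-f", "-l", str(payload),
               "-w", str(timeout_s * 1000), host]
    else:  # Linux iputils ping
        cmd = ["ping", "-c", "1", "-M", "do", "-s", str(payload),
               "-W", str(timeout_s), host]
    out = subprocess.run(cmd, capture_output=True, text=True)
    # An echo reply line carries "ttl="; error replies and timeouts do not.
    return out.returncode == 0 and "ttl=" in out.stdout.lower()


def largest_unfragmented_payload(probe, lo=500, hi=1472):
    """Binary-search the largest payload for which probe(payload) is True.

    Returns None when even `lo` fails (host down or ICMP filtered), which
    cannot be told apart from an MTU problem by this test alone.
    """
    if not probe(lo):
        return None
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if probe(mid):
            lo = mid
        else:
            hi = mid - 1
    return lo


def suggested_mss(payload):
    """Path MTU is payload + 28; a TCP segment must fit in MTU - 40."""
    return payload + IP_ICMP_OVERHEAD - IP_TCP_OVERHEAD


if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.10"  # placeholder host
    best = largest_unfragmented_payload(lambda size: ping_df(host, size))
    if best is None:
        print("no reply even at 500 bytes; check reachability first")
    else:
        print(f"largest DF payload {best}, path MTU {best + IP_ICMP_OVERHEAD}, "
              f"MSS <= {suggested_mss(best)}")
```

Run it from a PC behind the 831 against a host on the far side of the tunnel. Large pings that time out silently, rather than returning a "fragmentation needed" error, mean the ICMP messages path MTU discovery relies on are being dropped somewhere on the path.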
