I have created a VPN tunnel from site A with 827 router to site B with a VPN 3030 concentrator. There is a telnet\ftp server on Site B's network, which happens to be the same server. I am able to telnet and access web servers from site A to site B with no problem. I am also able to ftp from site B to site A with no problem. However, I am NOT able to ftp from site A to site B and I get an "unknown error number" message.
I do have a filter on the VPN 3030 to allow all tcp and udp ports from and to the destination.
Does anyone have any suggestions to fix this problem?
The problem to me sounds like a fragmentation problem. The session gets connected, but when you try to transfer the file, it does not work. The concentrator, in 3.6 code, has fragmentation built into it, so when you are downloading from the side that has the concentrator, the packets are getting fragmented as they come from the concentrator's LAN to the 827's LAN; therefore, there is not a problem. The 827, however, does not have fragmentation enabled by default; therefore, when you try to sit on the concentrator's network and download a file so that it comes from the 827's side across to the concentrator's side, the packets get discarded because the MTU is too big for the tunnel.
This can be fixed using a route map. Let me know if you need to know how to strip off the DF bit so that the packets can then be fragmented.
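Added example, not part of the original reply: one way the route-map approach mentioned above can look on the 827 in IOS, clearing the DF bit on tunnel-bound TCP traffic so the router may fragment it. The subnets, ACL number 101, route-map name CLEAR-DF and the LAN interface name Ethernet0 are assumptions for illustration and must be replaced with the real values.

```ios
! Constructed placeholders (assumptions, not from the thread):
!   192.168.1.0/24 = site A LAN behind the 827
!   192.168.2.0/24 = site B LAN behind the VPN 3030
!
! Match only the TCP traffic that will enter the tunnel, so DF is
! left untouched on everything else.
access-list 101 permit tcp 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
!
! Clear the Don't Fragment bit on matching packets.
route-map CLEAR-DF permit 10
 match ip address 101
 set ip df 0
!
! Apply the policy inbound on the LAN interface, before the packet
! reaches the crypto map on the outside interface.
interface Ethernet0
 ip policy route-map CLEAR-DF
!
! Check that packets are hitting the route map.
! show route-map CLEAR-DF
```

Clearing DF turns off path MTU discovery for the matched flows and shifts the cost to fragmentation on the 827 and reassembly at the far end, so keep the ACL as narrow as the affected traffic.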
We have configured the outside and inside interface with official IPv6 addresses, set a default route on outside interface to our router, we also have defined a rule, which also gets hits, to permit tcp from inside interface to any6.
In Syslog I also se...