Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Crypto ipsec df-bit....

Hi,

When I test a vpn tunnel using sdm and the attached warning is shown.

Only occurs testing a one of three vpn tunnels which there are configured.

I?ve added "crypto ipsec df-bit clear" command but the error is still appearing.

Why?

Best regards

heze54

5 REPLIES
Cisco Employee

Re: Crypto ipsec df-bit....

Hi,

YOu can try lowering down the TCP MSS on the LAN interface.

int Eth0/0

ip tcp adjust-mss 1200

exit

HTH,

-Kanishka

New Member

Re: Crypto ipsec df-bit....

Hi,

Why this message is only shown when I test a vpn connection? I have several vpn tuunels and only occurs with one.

best regards

Cisco Employee

Re: Crypto ipsec df-bit....

Hi,

Is this a VPN Client connection or its another Site to site ?

Also, have you enabled "cry ipsec df-bit clear" globally or on the Interface ? and on which Interface ?

-Kanishka

New Member

Re: Crypto ipsec df-bit....

Hi,

Is a vpn tunnel router to router configured.

interface Ethernet0

no ip address

no ip proxy-arp

shutdown

hold-queue 100 out

!

interface Ethernet2

description $FW_INSIDE$

ip address xxxxxxxxxx

ip access-group 101 in

no ip proxy-arp

ip nat inside

ip virtual-reassembly

hold-queue 100 out

!

interface ATM0

no ip address

no ip proxy-arp

no atm ilmi-keepalive

dsl operating-mode auto

!

interface ATM0.1 point-to-point

description $FW_OUTSIDE$

ip address xxxxxxxxxxxxxxx

ip access-group 103 in

no ip proxy-arp

ip nat outside

ip virtual-reassembly

crypto map xxxxxxx

pvc 8/32

encapsulation aal5snap

!

!

which wold be the best configuration?

Best regards

Cisco Employee

Re: Crypto ipsec df-bit....

Hi,

Is this a VPN Client connection or its another Site to site ?

Also, have you enabled "cry ipsec df-bit clear" globally or on the Interface ? and on which Interface ?

-Kanishka

513
Views
0
Helpful
5
Replies
CreatePlease login to create content