
Crypto ipsec df-bit....

edgar-quintana
Level 1

Hi,

When I test a VPN tunnel using SDM, the attached warning is shown.

It only occurs when testing one of the three VPN tunnels that are configured.

I've added the "crypto ipsec df-bit clear" command but the error is still appearing.

Why?

Best regards

heze54

5 Replies

kaachary
Cisco Employee

Hi,

You can try lowering the TCP MSS on the LAN interface.

int Eth0/0
 ip tcp adjust-mss 1200
 exit

HTH,

-Kanishka

Hi,

Why is this message only shown when I test a VPN connection? I have several VPN tunnels and it only occurs with one.

Best regards

Hi,

Is this a VPN Client connection or is it another site-to-site?

Also, have you enabled "cry ipsec df-bit clear" globally or on the interface? And on which interface?

-Kanishka

Hi,

It is a VPN tunnel configured router to router.

interface Ethernet0
 no ip address
 no ip proxy-arp
 shutdown
 hold-queue 100 out
!
interface Ethernet2
 description $FW_INSIDE$
 ip address xxxxxxxxxx
 ip access-group 101 in
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 hold-queue 100 out
!
interface ATM0
 no ip address
 no ip proxy-arp
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0.1 point-to-point
 description $FW_OUTSIDE$
 ip address xxxxxxxxxxxxxxx
 ip access-group 103 in
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 crypto map xxxxxxx
 pvc 8/32
  encapsulation aal5snap
 !
!

Which would be the best configuration?

Best regards

Hi,

Is this a VPN Client connection or is it another site-to-site?

Also, have you enabled "cry ipsec df-bit clear" globally or on the interface? And on which interface?

-Kanishka
