02-09-2007 03:53 AM - edited 02-21-2020 02:51 PM
Hi,
When I test a vpn tunnel using sdm and the attached warning is shown.
Only occurs testing a one of three vpn tunnels which there are configured.
I?ve added "crypto ipsec df-bit clear" command but the error is still appearing.
Why?
Best regards
heze54
02-16-2007 06:07 AM
Hi,
YOu can try lowering down the TCP MSS on the LAN interface.
int Eth0/0
ip tcp adjust-mss 1200
exit
HTH,
-Kanishka
02-16-2007 06:44 AM
Hi,
Why this message is only shown when I test a vpn connection? I have several vpn tuunels and only occurs with one.
best regards
02-16-2007 06:48 AM
Hi,
Is this a VPN Client connection or its another Site to site ?
Also, have you enabled "cry ipsec df-bit clear" globally or on the Interface ? and on which Interface ?
-Kanishka
02-16-2007 07:14 AM
Hi,
Is a vpn tunnel router to router configured.
interface Ethernet0
no ip address
no ip proxy-arp
shutdown
hold-queue 100 out
!
interface Ethernet2
description $FW_INSIDE$
ip address xxxxxxxxxx
ip access-group 101 in
no ip proxy-arp
ip nat inside
ip virtual-reassembly
hold-queue 100 out
!
interface ATM0
no ip address
no ip proxy-arp
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
description $FW_OUTSIDE$
ip address xxxxxxxxxxxxxxx
ip access-group 103 in
no ip proxy-arp
ip nat outside
ip virtual-reassembly
crypto map xxxxxxx
pvc 8/32
encapsulation aal5snap
!
!
which wold be the best configuration?
Best regards
02-16-2007 06:51 AM
Hi,
Is this a VPN Client connection or its another Site to site ?
Also, have you enabled "cry ipsec df-bit clear" globally or on the Interface ? and on which Interface ?
-Kanishka
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: