Passing SAP traffic thru VPN IPSec

ron-tan · ‎11-05-2003

Hi all,

I'm currently having difficulties passing SAP traffic thru a site-to-site Crypto tunnel setup between a Cisco 7206VXR and Nortel box. Ping and Traceroute works fine but SAP application is apparently having problems.

Had tried to pass the same traffic over the normal LAN/WAN link and things are looking fine but once we started to send them across the VPN tunnel, things starts to fall apart. SAP had provided a local tool called "niping" which is supposed to send ICMP thru the local SAProuter to the destination SAPserv. It did not work on the VPN as well.

Any advise to get the traffic thru ? As a side note, I had came across documents on the CCO that suggested configuring "ip tcp adjust-mss" but my VPN box is running on IOS 12.1 which doesn't seems to support the above command. Alternatively, I had configured route-map to set the DF bit to "0" for all SAP traffic and that does not work too.

TIA.

d-garnett · ‎11-06-2003

try setting the 'ip tcp path-mtu-discovery' global config command and set the mtu down to 1400 on the cisco router's inside interface 'mtu 1400' and 'ip mtu 1400'.

ron-tan · ‎11-06-2003

I tried to set the above commands, both 'ip tcp path-mtu-discovery' and 'ip mtu 1400' worked but entering 'mtu 1400' gives:

VPN(config-if)#mtu 1400

% Interface FastEthernet0/0 does not support user settable mtu.

TIA.