We have a unique problem with one of our VPN field office setups. The VPN tunnel seemed to be working perfectly, but applications such as HTTP, SMTP and others don't work.
Firewall policies between sites are properly configured and do not filter these applications.
The field office has a 128kbps DSL connection to the Internet, whereas HQ has a dual DS3.
For the most part the problem was that the web content would not display in IE. The web server is pingable and DNS is resolving properly. In the case of SMTP, replication does not go through between mail servers located on both sides, but again both can ping each other.
We are running out of ideas and running out of time to resolve the problem. Anything that could help will be much appreciated.
This sounds strangely similar to a problem that I encountered in our development lab. We had two offices in different cities connected via two PIX-501s.
In our case, both sides used DSL connections, but from different providers.
We had problems with various applications, but the one that stuck out was web-based apps not working.
We ended up adjusting the MTU size downwards until we hit a sweet spot.
Off the top of my head, there was an article on DSLreports.com, and I believe an article on Cisco that provided background to this issue.
In a nutshell, packets routing across the VPN incur some overhead, and the default MTU size of 1492 bytes (1500 - 8 bytes for the TCP/IP header) resulted in fragmented packets. The issue is often encountered in DSL installations.
We used Dr.TCP to adjust the MTU size on the Windows boxes, but if you use the Cisco VPN client, it also allows you to adjust the MTU size.
You also need to set the MTU size on your routers.
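
The overhead arithmetic behind the reply above, as an added example that is not part of the original posts: it computes how large an inner packet can be before the encrypted packet exceeds the 1492-byte link MTU. It assumes IPsec ESP in tunnel mode over IPv4; the transform sizes and all function names are assumptions chosen for illustration, not values taken from the thread.

```python
# Added example: ESP tunnel-mode overhead arithmetic (sizes are assumptions, see lead-in).
OUTER_IP = 20        # outer IPv4 header, no options
ESP_HEADER = 8       # SPI + sequence number
ESP_TRAILER = 2      # pad-length + next-header bytes, inside the padded region
NAT_T_UDP = 8        # UDP encapsulation header when NAT-T is in use
TCP_IP_HEADERS = 40  # inner IPv4 + TCP headers without options

# Assumed transform sets: (cipher block size, IV size, truncated ICV size) in bytes.
TRANSFORMS = {
    "3des-sha1": (8, 8, 12),
    "aes-cbc-sha1": (16, 16, 12),
}

def outer_size(inner_len, transform, nat_t=False):
    """Size on the wire of one ESP tunnel-mode packet carrying inner_len bytes."""
    block, iv, icv = TRANSFORMS[transform]
    padded = -(-(inner_len + ESP_TRAILER) // block) * block  # round up to block size
    return OUTER_IP + (NAT_T_UDP if nat_t else 0) + ESP_HEADER + iv + padded + icv

def max_inner_mtu(link_mtu, transform, nat_t=False):
    """Largest inner IP packet that fits in link_mtu without fragmentation."""
    for inner in range(link_mtu, 0, -1):
        if outer_size(inner, transform, nat_t) <= link_mtu:
            return inner
    raise ValueError("link MTU too small for this transform")

def report(link_mtu=1492):
    """Rows of (transform, nat_t, inner MTU, TCP MSS) for every assumed transform."""
    rows = []
    for name in TRANSFORMS:
        for nat_t in (False, True):
            inner = max_inner_mtu(link_mtu, name, nat_t)
            rows.append((name, nat_t, inner, inner - TCP_IP_HEADERS))
    return rows

if __name__ == "__main__":
    # A full-size 1492-byte inner packet no longer fits a 1492-byte DSL link...
    print("1492-byte inner packet ->", outer_size(1492, "3des-sha1"), "bytes on the wire")
    # ...while a small ping passes, matching "pingable but HTTP/SMTP stall".
    print("84-byte ping ->", outer_size(84, "3des-sha1"), "bytes on the wire")
    for name, nat_t, inner, mss in report():
        print(f"{name:13} nat_t={nat_t!s:5} inner MTU={inner} TCP MSS={mss}")
```

The inner MTU it reports is the value to aim for on the hosts or as the starting point for the downward adjustment described in the reply; the TCP MSS column is that figure minus 40 bytes of inner headers.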