Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Site to site VPN issue - Problem with IOS 12.4?

I have a site with multiple VPN's configured. Sites with routers (all Cisco) running IOS 12.3 or lower are fine. New routers with IOS 12.4 can establish the VPN link and I can ping the remote networks. When I try to access the Intranet home page from a remote site, the home page appears but I am not able to access any pages. A similar thing is happening with another application (client/server SQL program). The clent (remote site) can logon to the SQL database and perform some task, but then will get a connectivity error. Sites running IOS 12.3 have no such problems.

ANY ideas please?

1 ACCEPTED SOLUTION

Accepted Solutions
Silver

Re: Site to site VPN issue - Problem with IOS 12.4?

Looks like an MTU issue.

see if you can clear the df-bit in the encrypted packet using the command

crypto ipsec df-bit clear

or

On the outgoing interface use the command ip tcp adjust-mss 1400.

Let me know if it helps

2 REPLIES
Silver

Re: Site to site VPN issue - Problem with IOS 12.4?

Looks like an MTU issue.

see if you can clear the df-bit in the encrypted packet using the command

crypto ipsec df-bit clear

or

On the outgoing interface use the command ip tcp adjust-mss 1400.

Let me know if it helps

New Member

Re: Site to site VPN issue - Problem with IOS 12.4?

You Sir (or Madam) are a legend.

I set the crypto ipsec df-bit clear command (in global mode) on both the Head Office and remote routers. Worked immediately. However, this transfered the problem to the routers running IOS 12.3

I then removed the setting on the Head Office router with the command crypto ipsec df-bit copy. Then EVERYONE is happy.

Whoo Hoo.

Many thanks.

226
Views
0
Helpful
2
Replies