Re: Transparent Tunneling set to on in Client but inactive

dopenfield · ‎04-06-2004

Using 3.6.3 VPN Client to talk to 3060 Concentrator

Under Options for session...

Enable Transparent Tunnelling is Checked

Allow Local LAN access is checked

However, when the session is established and the client status screens are brought up Transparent Tunneling says Inactive and Local LAN access is disabled???

Do have split tunnelling enabled in the group on the concentrator.

Any ideas what is causing this??

mostiguy · ‎04-06-2004

if you are not using nat, it will not be negotiated. it only will be when needed

dopenfield · ‎04-08-2004

We aren't doing NAT so that may be it. Thanks.

I do see the counts go up for packets not selected for encyrption

Anyone from Cisco have an explanation for why this works this way?

mostiguy · ‎04-08-2004

i would tend to guess that since you are encapsulating a esp packet within a udp one when NAT/PATing, and that your MTU for the link cannot increase, that would mean the effective data portion of the packet is reduced because of the ESP+UDP overhead. so, you probably get a slightly higher data portion when you avoid the udp encapsulation.

this is pure conjecture, as i have not broken out ethereal or some such to see what actually goes on

prossouw · ‎04-07-2004

Had the same problem on a 3015. Turns out that the Mode Configuration parameter, under the IPSEC tab on a defined Group, must be selected.