We use an application called Funk Proxy to remotely control PCs on our network. The version of the app we use controls the PCs using udp-1505. This app works through our Nortel Contivity 2500 VPN just fine. However, we are now trying to convert to a Cisco 3005 (temporarily until our 3020 arrives) and this app doesn't work. When you attempt to connect to a PC, it either hangs or only paints a line of the desktop and then locks up. After ~30 seconds it errors out and closes.
One thing I tried that somewhat helped was to set the DF bit to clear on the interface config page for both inside and outside interfaces. After doing this I could connect to PCs, but after moving around or opening apps it locks up again.
One solution I have found is to upgrade Funk Proxy to the latest version which uses TCP as well as UDP. Using TCP seems to fully resolve the issue. However, we have this Proxy app on over 1000 machines, so updating them all is quite a task. What I would like to know is why this doesn't work through the Cisco VPN while it works great through the Nortel.
This issue has been resolved with the help of TAC (second case for the same problem). On the public interface I had to lower the MTU from 1500 to 1450. I could adjust this number later to something a bit higher if I want. I also had to set the DF bit to clear. Now the application works as expected.
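The following is an added example, not part of the original thread: a simplified model of how ESP tunnel-mode overhead, the egress MTU and the DF bit decide whether a packet is sent, fragmented or dropped. The transform parameters (16-byte cipher block and IV, 12-byte ICV, optional NAT-T) and the packet sizes are assumptions, since the thread does not state them.

```python
# Added illustration; transform parameters are assumptions, not from the thread.
IP_HDR = 20        # outer IPv4 header, no options
ESP_HDR = 8        # SPI + sequence number
NATT_UDP = 8       # UDP/4500 header when NAT-T is in use


def esp_tunnel_size(inner_len, block=16, iv=16, icv=12, nat_t=False):
    """Size on the wire of an inner IP packet after ESP tunnel-mode encapsulation."""
    # Payload + 2 trailer bytes (pad length, next header) is padded to the cipher block.
    pad = -(inner_len + 2) % block
    natt = NATT_UDP if nat_t else 0
    return IP_HDR + natt + ESP_HDR + iv + inner_len + pad + 2 + icv


def max_inner_packet(egress_mtu, **kw):
    """Largest inner IP packet that still fits in one outer packet."""
    n = egress_mtu
    while n > 0 and esp_tunnel_size(n, **kw) > egress_mtu:
        n -= 1
    return n


def gateway_outcome(inner_len, df_set, egress_mtu, **kw):
    """What a tunnel gateway does with a packet (simplified model)."""
    if esp_tunnel_size(inner_len, **kw) <= egress_mtu:
        return "sent"
    # Oversized: DF forbids fragmentation, so the packet is dropped and the
    # sender is expected to react to ICMP "fragmentation needed".
    return "dropped" if df_set else "fragmented"


if __name__ == "__main__":
    # Constructed inner packet sizes: a small control message and a
    # full-size 1500-byte UDP screen update.
    for size in (128, 1500):
        for df in (True, False):
            print(size, "DF" if df else "no-DF", gateway_outcome(size, df, 1500))
    print("max inner @1500:", max_inner_packet(1500))
    print("max inner @1450:", max_inner_packet(1450))
```

Under these assumptions a small control packet passes regardless of DF, while a full-size datagram with DF set is dropped, and with DF clear it is fragmented instead.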