Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

You may experience some slow load times, errors, and slight inconsistencies. We ask for your patience as we finalize the launch. Thank you.

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started.

New Member

VPN and Exchange

Two users connected using VPN client (status: Connected). I can ping the computers, but for some reason their Outlook cannot connect to internal Exchange server.

The only thing that changes since successful login (yesterday) is the public network they use (hotel).

Thank in advance for any help.


  • Other Security Subjects

Re: VPN and Exchange


When you say you can ping the computers is it the private address across the VPN or are you pinging the public address?

This could be a problem due to MTU, I had a customer report the same issue where users could connect to exchange over a non-encrypted (LAN) link but fail over an encrypted path. The solution was to reduce the MTU in this case. In this case you would be able to ping private addresses across the tunnel.

Another problem could be caused by NAT, in which case the tunnel appears up but no data can be sent across it so the ping to a private address would fail. In this case you need to enable NAT-T support in the firewall.

New Member

Re: VPN and Exchange

Where do you change the MTU? I do not see the MTU on the VPN client. What is the recommended number for MTU in order to access the Exchange server? Thanks.


Re: VPN and Exchange

The MTU can be set at the client end by a utility provided wth the client software.

On my PC, its found at >Start, programs, Cisco VPN Client, select `Set MTU'. The default is 1300 bytes, which should be adequate for your requirement.

I looked up the fault details that I dealt with for VPN users on exchange, in my case it was a LAN attached user coming across a L2L IPSec tunnel to the exchange server at the HQ. I used a facility on the router to adjust the MTU, the TCP MSS-ADJUST command.

If your VPN user has the MTU set to 1300 which I suspect it probably is as that's the default, then I dont think this is the cause of your problem.

New Member

Re: VPN and Exchange

I was able to ping it as our private (from VPN clients range), by the box name and by ip address.

I was thinking about checking TCP/IP settings (manually entering WINS, DNS) and/or modifying the HOSTS file, but they just e-mailed: the issue has been resolved by the local provider - probably something on their network (?)

Thanks for replies.