Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

VPN on SBC DSL

I just installed SBC DSL (Ameritech). My university has VPN 5000 and I installed the client. I configured everything according to instructions and apparently can establish a tunnel. However, when I tried to browse anything, the whole thing just hangs. WINIPCFG shows me to be still the same IP address from my ISP. When I go and ping I can ping the various locations, but the tracert looks completely different. Releasing the lease on WINIPCFG did not solve the problem. Any ideas?

  • Other Security Subjects
4 REPLIES
New Member

Re: VPN on SBC DSL

As a follow-up on my problems. I found that if I used dial-up networking to my Ameritech dial up account, I can get VPN 5000 running and things work fine - i.e, I can get to web resources that are IP restricted to the university network. However, when I connect through the DSL modem, the hanging problem is the same as before. What I did notice in the debug screen is that during dial-up the number of adapters is stated to be 1; whereas in the DSL connection, the number of adapter is stated to be 2. Any ideas?

New Member

Re: VPN on SBC DSL

I have the exact same problem with my SBC DSL and VPN, exactly. I can dial in and VPN works with my company server but when I use SBC DSL and then VPN everything seems to connect fine, I can even ping the drives and get a response. But I can not access any of the data or email.

What is wrong? Has anyone found a solution?

Sep 30, 2001, 5:30pm Pacific

I just installed SBC DSL (Ameritech). My university has VPN 5000 and I installed the client. I configured everything according to instructions and apparently can establish a tunnel. However, when I tried to browse anything, the whole thing just hangs. WINIPCFG shows me to be still the same IP address from my ISP. When I go and ping I can ping the various locations, but the tracert looks completely different. Releasing the lease on WINIPCFG did not solve the problem. Any ideas?

New Member

Re: VPN on SBC DSL

Looking over Dejanews I found out something about MTU and PPPoE. The maximum packet size PPPoE can handle is 1500 (actually 1492 or something). When VPN gets in the picture, the packet size may exceed 1500, therefore causing dropped packets and things hanging. By adjusting the PPPoE client to report a lower MTU to the VPN client, the actual packet size being sent will not exceed the 1500 limit. I changed the MTU setting on the PPPoE client from SBC, and was able to connect through VPN.

New Member

Re: VPN on SBC DSL

Hi,

We have this problem frequently with our customer

when you open a tunnel the is limited I agree with

you, the root cause of the problem is that the server

is setting the DF (Dont Fragment bit) in its packet

therefore one router on the path can't fragment the

packet (most of the time the encapsulator),

due to this problem, it sends an ICMP type3 code 4 towards the server.

The server in theory should decrease the packet size

at this stage, we face three potentials problems

1. the wan ip addresses are frequently in a private

range 10.X.X.X, therefore the server will never

receive the icmp message

2. The icmp messages are filtered

3. The server ignore the icmp message

You have to find a site which respect the rules

'Doctor TCP' or all equivalent application are

not efficient in this case because you only control

one direction the upstream but the downstream is out

of your control.

Philippe C_U_V_I_L_L_I_E_R ~

http://www.geocities.com/pcuvilli

http://y42.photos.yahoo.com/

106
Views
0
Helpful
4
Replies