Cisco Support Community

VPNClient-IOS tunnel: ICMP works, TCP doesn't

I have a VPNClient-IOS config on a 2621. I did this config before on a lot of other routers and it always worked just fine.

The VPN builds up perfectly. The problem is that the client can PING the server on the inside, but when the client tries to open a TCP session to the server, like telnet or similar, I see the packet arriving at the server, the server answers, and the answer gets back to the inside router interface and gets lost afterwards.

None of the access lists logged anything for the lost packet. I also removed all the ACLs that were not necessary for the VPN connection. There is NAT in place.

Has anyone seen similar effects? Thanks! Terry


Re: VPNClient-IOS tunnel: ICMP works, TCP doesn't

Could it be an MTU issue?

If the clients are Windows, try:

ping -l 500 x.x.x.x

-l is the size, in bytes. With the overhead of IPsec, the normal Ethernet MTU of 1500 may be impossible. You might need to hardcode the clients with a smaller MTU. This may all be because path MTU detection is broken somewhere.
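
The size test suggested in the reply above, turned into a sweep that finds the largest packet the tunnel carries unfragmented (an added example, not part of the original posts). It assumes the Windows `ping.exe` on the VPN client; `192.0.2.10` is a placeholder for the inside server, and the `-f` (don't fragment) flag is added here so that oversized packets fail instead of being fragmented silently.

```powershell
# Added example: binary-search the largest ICMP payload that crosses the VPN
# tunnel with the DF bit set. Run on the Windows client while the tunnel is up.
param(
    [string]$Target = '192.0.2.10',  # placeholder address of the inside server
    [int]$Low  = 500,                # size from the reply, expected to pass
    [int]$High = 1472                # 1500 - 20 (IP header) - 8 (ICMP header)
)

function Test-PayloadSize {
    param([string]$Target, [int]$Size)
    # -f = set DF, -l = payload bytes, -n = echo count, -w = timeout in ms
    $out = & ping.exe -f -l $Size -n 2 -w 2000 $Target 2>&1 | Out-String
    # Only a genuine echo reply carries "TTL="; "needs to be fragmented"
    # messages and timeouts do not, so this avoids trusting the exit code.
    return ($out -match 'TTL=')
}

if (-not (Test-PayloadSize -Target $Target -Size $Low)) {
    Write-Warning "$Low-byte ping with DF set fails; the problem is not only MTU."
    return
}

# Invariant: $lo is known to pass, everything above $hi is known to fail.
$lo = $Low
$hi = $High
while ($lo -lt $hi) {
    $mid = [int][math]::Ceiling(($lo + $hi) / 2)
    if (Test-PayloadSize -Target $Target -Size $mid) { $lo = $mid }
    else { $hi = $mid - 1 }
}

$pathMtu = $lo + 28   # add the IP and ICMP headers back
[pscustomobject]@{
    Target         = $Target
    LargestPayload = $lo
    PathMtu        = $pathMtu
    # TCP payload that fits: path MTU minus 20 (IP) and 20 (TCP) header bytes
    SuggestedMss   = $pathMtu - 40
}
```

If `PathMtu` comes out well below 1500 while large transfers stall, that supports the MTU theory; a result of 1500 points elsewhere.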
