Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k
New Member

Cisco 1811 Site to Site VPN Problems

We have two Cisco 1811 routers configured to establish an IPSEC VPN with each other. The VPN connection establishes just fine, and we are able to ping across the tunnel, however, applications like RDP or joining a domain fail to work properly. We have ruled out duplex mismatches and other common problems. One really interesting twist is that we can connect a laptop to the network and it will work just fine. However the desktop PC's are failing to work. We have tried swapping out NIC cards and other devices without any success. We even reformatted a PC completely to eliminate the computers.

Today we upgraded the IOS on both routers to 12.4(15)T3 hoping that would resolve the issue, but it has not.

I've attached the configs from both routers and also a packet dump that was taken while a PC (192.168.25.17) was trying to RDP to a server (192.168.24.200) across the tunnel. I am seeing a lot of duplicate packets, but I can't make complete sense of it.

Has anyone else seen this before? Are we missing something obvious here?

Thanks,

-Steve

1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Re: Cisco 1811 Site to Site VPN Problems

try clearing the df-bit and also setting a tcp mss value on the lan facing interface. you can zero down on the mss vlaue by doing an extended ping,

ping x.x.x.x -l 1400 -f

keep on reducing the value after -l till you get a successful reply.

subtract 60 from this value and apply this as the mss value on the lan facing interface with the help of ip tcp adjust-mss command.

1 REPLY
New Member

Re: Cisco 1811 Site to Site VPN Problems

try clearing the df-bit and also setting a tcp mss value on the lan facing interface. you can zero down on the mss vlaue by doing an extended ping,

ping x.x.x.x -l 1400 -f

keep on reducing the value after -l till you get a successful reply.

subtract 60 from this value and apply this as the mss value on the lan facing interface with the help of ip tcp adjust-mss command.

195
Views
0
Helpful
1
Replies
CreatePlease to create content