Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Unable to pass e-mail traffic over a VPN tunnel on a router running IOS Firewall and there is intermittent poor performance/failure to connect TCP sessions

Core issue

E-mail traffic is blocked over the VPN tunnel.

This issue happens when TCP/25 connections are established through the tunnel. However, after the 3-way handshake, the endpoint drops the session.

E-mail traffic gets blocked when the IOS Firewall's default session establishment and half-open session thresholds are still in use although the traffic demand on the network is much higher. This causes new sessions in excess of the thresholds to drop.


In order to identify this issue, use these commands:

Hostname (config)# show ip inspect statistics
Hostname (config)# show ip inspect config

Once verified, add these commands in order to resolve this issue:

Hostname (config)# ip inspect max-incomplete low 800

Hostname (config)# ip inspect one-minute low 3500

This might also be an MTU size-related issue. In order to resolve MTU-related issues on the router, refer to Unable to pass large packets through the site-to-site VPN tunnel, IPSec, with the routers and the PIX 500 Series Firewall
Version history
Revision #:
1 of 1
Last update:
‎06-17-2009 10:21 PM
Updated by:
Labels (1)