Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Users unable to connect to the Exchange server through an IPsec tunnel on the VPN 3000 Concentrator

Core issue

IPsec adds more header to the packets exchanged across the tunnel. This issue can be related to the  fragmentation of packets. Outlook uses Path MTU for the fragmentation policy, but this is not enabled by default on the VPN 3000 Concentrator.


Complete these steps to resolve the Path MTU size issue:

  1. Select the Public interface.

  2. Check the IPsec fragmentation policy that you have enabled.

  3. Set this policy to Fragment prior to IPSec encapsulation without Path MTU Discovery (Clear DF bit).

  4. Try the connection again.

Note: Once you change this setting, it brings down all the other tunnels you have at the moment since something has changed to the way the VPN Concentrator must handle the tunnels.

Version history
Revision #:
1 of 1
Last update:
‎06-22-2009 05:11 PM
Updated by:
Labels (1)