Cisco 501 pix giving ICMP errors from the public ip Address
I have a Konica Minolta copier on a VPN that uses a Cisco 501 pix for the tunnel and a windstream 4200 speedstream modem to get to the outside world. it does not matter if I try to access the web interface of the copier or scan to email the operation times out. I can access the web interface from the local subnet but not from a outside subnet on the VPN. The copier IP address is on the private tunnel. I ran a wireshark capture and found that I am getting IMCP destination unreachable Fragmentation needed errors. We know that the copier starts to send data to the mail server and then hangs up when the copier starts to send the scan data. The ICMP errors are coming from the Public IP address of the PIX and not through the private tunnel. My theory is that since the ICMP errors are coming from the public IP address and not through the Private tunnel, the copier never sees them and it just keeps trying to send the same over size packets over and over until it times out. Does anyone know how to correct this so the copier can receive these packets from the private tunnel so it can resend smaller packets upon request.
The MTU packet size on the copier cannot be changed. I have attached a screen shot of the packet error.
Re: Cisco 501 pix giving ICMP errors from the public ip Address
Thank you for your question. This community is for Cisco Small Business products and your question is in reference to a Cisco Elite/Classic product. Please post your question in the Cisco NetPro forums located here:http://forums.cisco.com/eforum/servlet/NetProf?page=mainThis forum has subject matter experts on Cisco Elite/Classic products that may be able to answer your question.
Cisco Small Business Support
If my response answered your question, please mark the response as answered. Thank you!
Hi every one!!!When you are configuring a remote VPN connection, there
are some steps that are lost on the path. Here you can see those steps.
A) In your Cisco device: 1. Ensure you don´t have any rule denying the
traffic between the device and the remote...
You have a Cisco Unified Communications Manager (CUCM) system and want
to configure a SPA112 analog telephone adaptor (ATA) to register to the
CUCM so that you can use up to two analog phones or similar FXS devices
with the CUCM.In this application note, ...
Introduction: This document describes how to connect SG300 with Catalyst
switch via STP. Spanning Tree Protocol (STP) is a Layer 2 protocol that
runs on mainly on switches. The specification for STP is IEEE 802.1D.
The main purpose of STP is to ensure tha...