I have a LAN-to-LAN VPN in place. I have a Cisco 3030 on one side and a Cisco 3020 on the other side. If I try to copy a file bigger than 10 MB over this VPN tunnel from one Windows server to another Windows server, it fails after a while and says "network name is no longer available".
During my failed copy attempts, I started a continuous ping from server A to server B and I do not drop one single packet. The VPN tunnel is up at all times and I see packets encrypting and decrypting. I also see no errors in either Concentrator's log, and both are running the latest code. Any help would be greatly appreciated.
Add the command to both the routers 3020 and 3030 at the end of the tunnel, which may solve the issue you are facing. To adjust the maximum segment size (MSS) value of TCP SYN packets going through a router, use the ip tcp adjust-mss command in interface configuration mode. To return the MSS value to the default setting, use the no form of this command.
I agree with hadbou, but you don't actually need to add it on both sides, as only one side needs to see the transient TCP packets. But first you must see what MSS is being negotiated in the TCP handshake. Use Wireshark and capture the session. Once you know what MSS is being negotiated, you actually need to see what the optimum MTU should be. Use mturoute (google it).
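
An added example, not part of either reply in this thread: a Python sketch of the check described above, reading the MSS option out of a captured TCP SYN header and comparing it with the largest MSS a measured path MTU allows. The SYN bytes and the 1400-byte path MTU are constructed sample values; the path MTU is assumed to have been measured through the tunnel, so it already reflects the IPsec overhead.

```python
import struct

IPV4_HEADER = 20  # bytes, IPv4 header without options
TCP_HEADER = 20   # bytes, TCP header without options

def syn_mss(tcp_header: bytes):
    """Return the MSS advertised in a raw TCP SYN header, or None if absent."""
    if len(tcp_header) < TCP_HEADER:
        raise ValueError("truncated TCP header")
    data_offset = (tcp_header[12] >> 4) * 4   # header length in bytes
    if not tcp_header[13] & 0x02:             # MSS is only sent on SYN segments
        return None
    if data_offset < TCP_HEADER or data_offset > len(tcp_header):
        raise ValueError("bad data offset")
    opts = tcp_header[TCP_HEADER:data_offset]
    i = 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                         # end of option list
            break
        if kind == 1:                         # NOP padding, single byte
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("truncated option")
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            raise ValueError("bad option length")
        if kind == 2 and length == 4:         # MSS option: kind 2, length 4
            return struct.unpack("!H", opts[i + 2:i + 4])[0]
        i += length
    return None

def max_mss_for_path(path_mtu: int) -> int:
    """Largest TCP payload that fits in one unfragmented IPv4 packet."""
    return path_mtu - IPV4_HEADER - TCP_HEADER

def needs_clamp(negotiated_mss: int, path_mtu: int) -> bool:
    """True when full-size segments would exceed the path MTU."""
    return negotiated_mss > max_mss_for_path(path_mtu)

# Constructed sample: SYN to port 445 advertising MSS 1460, as a server on
# standard 1500-byte Ethernet would. Options: MSS, NOP, WScale, NOP, NOP, SACK-OK.
SAMPLE_SYN = struct.pack("!HHIIBBHHH", 49152, 445, 1, 0, 0x80, 0x02, 8192, 0, 0) \
    + bytes.fromhex("020405b4" "01" "030308" "0101" "0402")
SAMPLE_PATH_MTU = 1400  # constructed value standing in for a measured path MTU

if __name__ == "__main__":
    mss = syn_mss(SAMPLE_SYN)
    print("advertised MSS:", mss)
    print("max MSS for path:", max_mss_for_path(SAMPLE_PATH_MTU))
    print("clamp needed:", needs_clamp(mss, SAMPLE_PATH_MTU))
```

Small pings fit under the path MTU, which is consistent with the continuous ping succeeding while a bulk copy sending full-size segments stalls.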