Cisco Support Community
Community Member

VPN Between ISR

I have a problem with an IPsec tunnel between 2811 ISR routers. It seems to be an MTU problem. Can I change the MTU to 1540? In other words, my problem is that the Win 2003 Server DCs don't communicate in the tunnel.

2 REPLIES
Community Member

Re: VPN Between ISR

Here is the configuration:

Spoke A

crypto map SDM_CMAP_2 1 ipsec-isakmp
 description Tunnel to10.132.29.4
 set peer 10.132.29.4
 set transform-set ESP-3DES-SHA
 match address 100
crypto map SDM_CMAP_2 2 ipsec-isakmp
 description Tunnel to10.132.29.8
 set peer 10.132.29.8
 set transform-set ESP-3DES-SHA
 match address 101
crypto map SDM_CMAP_2 3 ipsec-isakmp
 description Tunnel to10.132.29.6
 set peer 10.132.29.6
 set transform-set ESP-3DES-SHA
 match address 102
crypto map SDM_CMAP_2 4 ipsec-isakmp
 description Tunnel to10.132.29.1
 set peer 10.132.29.1
 set transform-set ESP-3DES-SHA
 match address 103
crypto map SDM_CMAP_2 5 ipsec-isakmp
 set peer 10.132.29.3
 set transform-set ESP-3DES-SHA
 match address 104
!
...
interface FastEthernet0/0
 description Vpn
 ip address 10.132.29.50 255.255.255.0
 duplex auto
 speed auto
 crypto map SDM_CMAP_2
!
...
ip access-list extended ruleFlavon
 remark SDM_ACL Category=4
 permit ip 10.132.0.0 0.0.0.255 10.132.4.0 0.0.0.255
 remark SDM_ACL Category=4
!
access-list 100 remark SDM_ACL Category=4
access-list 100 remark IPSec Rule Flavon
access-list 100 permit ip 10.132.0.0 0.0.0.255 10.132.4.0 0.0.0.255
access-list 100 remark SDM_ACL Category=4
access-list 100 remark IPSec Rule Flavon
access-list 101 remark SDM_ACL Category=4
access-list 101 remark IPSec Rule Livo
access-list 101 permit ip 10.132.0.0 0.0.0.255 10.132.8.0 0.0.0.255
access-list 101 remark SDM_ACL Category=4
access-list 101 remark IPSec Rule Livo
access-list 102 remark SDM_ACL Category=4
access-list 102 remark IPSec Rule Campodenno
access-list 102 permit ip 10.132.0.0 0.0.0.255 10.132.6.0 0.0.0.255
access-list 102 remark SDM_ACL Category=4
access-list 102 remark IPSec Rule Campodenno
access-list 103 remark SDM_ACL Category=4
access-list 103 remark IPSec Rule Tuenno
access-list 103 permit ip 10.132.0.0 0.0.0.255 10.132.1.0 0.0.0.255
access-list 103 remark SDM_ACL Category=4
access-list 103 remark IPSec Rule Tuenno
access-list 104 remark SDM_ACL Category=4
access-list 104 remark IPSec Rule Cles2
access-list 104 permit ip 10.132.0.0 0.0.0.255 10.132.3.0 0.0.0.255
access-list 104 remark SDM_ACL Category=4
access-list 104 remark IPSec Rule Cles2

Spoke B

crypto map SDM_CMAP_1 1 ipsec-isakmp
 description Tunnel to10.132.29.50
 set peer 10.132.29.50
 set transform-set ESP-3DES-SHA
 match address 101
!
!
!
!
interface Loopback0
 ip address 10.132.15.1 255.255.255.255
!
interface FastEthernet0/0
 description Vpn
 ip address 10.132.29.3 255.255.255.0
 duplex auto
 speed auto
 crypto map SDM_CMAP_1
!
access-list 101 remark SDM_ACL Category=4
access-list 101 remark IPSec Rule
access-list 101 permit ip 10.132.3.0 0.0.0.255 10.132.0.0 0.0.0.255
access-list 101 permit ip 10.132.3.0 0.0.0.255 10.132.1.0 0.0.0.255
access-list 101 remark SDM_ACL Category=4
access-list 101 remark IPSec Rule

Community Member

Re: VPN Between ISR

Solved.

ip tcp adjust-mss 1300 on interface F0/0.

It forces the host to negotiate the MTU.
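The size arithmetic behind the `ip tcp adjust-mss 1300` fix, as an added example that is not part of the original thread: it computes how large a TCP segment becomes after ESP tunnel-mode encapsulation and which MSS values still fit the link. Assumptions: the transform set ESP-3DES-SHA (its definition is not shown in the thread) is 3DES-CBC with HMAC-SHA1-96 in tunnel mode, the link MTU on FastEthernet0/0 is 1500 bytes, and the IP and TCP headers carry no options. The `nat_t` parameter goes beyond the thread's setup and covers UDP-encapsulated ESP.

```python
"""Added example: ESP tunnel-mode packet sizes for a 3DES/SHA-1 transform set."""

OUTER_IP = 20        # outer IPv4 header, no options (assumed)
ESP_HEADER = 8       # SPI (4 bytes) + sequence number (4 bytes)
IV_3DES = 8          # 3DES-CBC initialization vector
BLOCK_3DES = 8       # 3DES-CBC block size; plaintext is padded up to a multiple
ESP_TRAILER = 2      # pad-length + next-header bytes, encrypted with the payload
ICV_SHA1_96 = 12     # HMAC-SHA1-96 integrity check value
NAT_T_UDP = 8        # UDP header added only when NAT traversal is in use
TCP_IP_HEADERS = 40  # inner IPv4 (20) + TCP (20), no options (assumed)


def fixed_overhead(nat_t=False):
    """Bytes added to every packet regardless of payload length."""
    return OUTER_IP + ESP_HEADER + IV_3DES + ICV_SHA1_96 + (NAT_T_UDP if nat_t else 0)


def esp_packet_size(inner_len, nat_t=False):
    """On-wire size of an inner IP packet after ESP tunnel-mode encapsulation."""
    plaintext = inner_len + ESP_TRAILER
    padded = -(-plaintext // BLOCK_3DES) * BLOCK_3DES  # round up to the block size
    return fixed_overhead(nat_t) + padded


def max_mss(link_mtu=1500, nat_t=False):
    """Largest TCP MSS whose encrypted packet still fits in link_mtu."""
    room = (link_mtu - fixed_overhead(nat_t)) // BLOCK_3DES * BLOCK_3DES
    return room - ESP_TRAILER - TCP_IP_HEADERS


def fits(mss, link_mtu=1500, nat_t=False):
    """True when a full-size segment with this MSS needs no fragmentation."""
    return esp_packet_size(mss + TCP_IP_HEADERS, nat_t) <= link_mtu


if __name__ == "__main__":
    # 1460 is the MSS a host on a 1500-byte LAN offers by default;
    # 1300 is the value configured in the thread.
    for mss in (1460, max_mss(), 1300):
        size = esp_packet_size(mss + TCP_IP_HEADERS)
        verdict = "fits" if fits(mss) else "exceeds MTU, must be fragmented"
        print(f"MSS {mss}: encrypted packet {size} bytes -> {verdict}")
```

Under these assumptions a default 1460-byte MSS yields a 1552-byte encrypted packet, while 1300 leaves about 100 bytes of headroom for TCP options or extra encapsulation.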
