Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

VPN site to site double encryption problems

I want to implement double encryption between two sites.


@ ********** @


The first tunnel is between two pix 501. Using AES. Everything works fine. Now I add IPsec 3des tunnel between the two routers.

Both tunnel are established.

The problem some application works fine but other not. As example telnet works but SAP gui not.

I use mtu 1400.

There aren’t any error messages in the pix.

In the router i receive the following message:

IPsec (encapsulate) error in encapsulation


Re: VPN site to site double encryption problems

On what device did you adjust the mtu size to 1400 on? The pix or the router? Did you alsomake an adjustment on the tcpmss max size sysopt option on the pix (i.e., instead of using 1380, did you use 1280) - I believe that this needs done even if the mtu of 1400 was set on the pix-to-router interface?

On what router did you receive the error message, the left or the right router, or both - (using your topology diagream)?

New Member

Re: VPN site to site double encryption problems


we did the MTU changes in all PIX interface + router.

i change tcpmss max size to 1280 as well.

no change. some aplication like FTP works fine but SAP GUI dont work.

any idea ?