IPSec tunnel is up but still not everything works

mwwg
Level 1

Hi, I am trying to get an IPSec tunnel between a c1841 and a c877 to work. I managed as far as the tunnel being up and I could ping the other side, but when users try to RDP to the terminal server they fail, and Live Messenger fails too. I am sure the c1841 is OK as other sites are working fine, but I am not sure about the c877.


mwwg
Level 1

Sorry, I forgot to add that even users using the Cisco VPN client, who could connect, can't RDP or anything; they can't even ping beyond the router LAN IP.

Hi

Regarding your LAN-to-LAN VPN... If you can ping but can't RDP it's because your traffic is larger than the MTU size permitted over the VPN...

On the LAN interface facing the remote clients, enter:

ip tcp adjust-mss 1300

And try again...

Regards

Aaron

Please rate helpful posts...


I don't think it is an MTU issue till now. One thing I spot in the configuration is that your access-list Alex is incorrect. Your access-list should contain only traffic from your network to other networks.

Therefore, the Alex ACL should look like this:

ip access-list extended Alex
 remark to Alex
 permit ip 192.168.85.0 0.0.0.255 192.168.100.0 0.0.0.255
 remark to burg
 permit ip 192.168.85.0 0.0.0.255 192.168.101.0 0.0.0.255
 remark to cairo
 permit ip 192.168.85.0 0.0.0.255 192.168.1.0 0.0.0.255

You should match traffic from your network to the remote site.

Please let me know if it works, and rate if I could help.
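A quick way to check a crypto ACL against the rule in the reply above (every permit entry's source must be the local network), as an added example that is not part of the original thread. `LOCAL_LAN` and `GOOD_ACL` are taken from the ACL in the reply; `BAD_ACL` is a constructed sample and the function names are hypothetical.

```python
import ipaddress

LOCAL_LAN = ipaddress.ip_network("192.168.85.0/24")  # local subnet used in the reply's ACL

def _take(tokens):
    """Consume one IOS address spec (any | host A | A WILDCARD) and return a network."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    # IOS wildcard masks are inverted netmasks: 0.0.0.255 -> 255.255.255.0
    wildcard = int(ipaddress.IPv4Address(tokens.pop(0)))
    netmask = ipaddress.IPv4Address(wildcard ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{first}/{netmask}", strict=False)

def audit_crypto_acl(text, local=LOCAL_LAN):
    """Return (line_no, problem, line) for permit entries that break the rule."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        tokens = line.split()
        if len(tokens) < 3 or tokens[0] not in ("permit", "deny"):
            continue  # ACL header, remarks, blank lines
        action, rest = tokens[0], tokens[2:]  # tokens[1] is the protocol
        src, dst = _take(rest), _take(rest)
        if action != "permit":
            continue
        if not src.subnet_of(local):
            findings.append((n, "source not local", line.strip()))
        elif dst.overlaps(local):
            findings.append((n, "destination overlaps local LAN", line.strip()))
    return findings

GOOD_ACL = """\
ip access-list extended Alex
 remark to Alex
 permit ip 192.168.85.0 0.0.0.255 192.168.100.0 0.0.0.255
 remark to burg
 permit ip 192.168.85.0 0.0.0.255 192.168.101.0 0.0.0.255
 remark to cairo
 permit ip 192.168.85.0 0.0.0.255 192.168.1.0 0.0.0.255
"""

# Constructed sample: line 3 has source and destination reversed, line 4 is too broad.
BAD_ACL = """\
ip access-list extended Alex
 permit ip 192.168.85.0 0.0.0.255 192.168.100.0 0.0.0.255
 permit ip 192.168.100.0 0.0.0.255 192.168.85.0 0.0.0.255
 permit ip 192.168.85.0 0.0.0.255 any
"""

if __name__ == "__main__":
    for finding in audit_crypto_acl(BAD_ACL):
        print(finding)
```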

Thanks to you and Aaron for your replies. I did try the MTU setting, but it was set to auto before; I didn't see any result, but I will re-check again. As for me, I agree, I think I am missing something with the ACLs, but I had a similar ACL on another Cisco 1841 and it's working, so I don't know what went wrong here.

I am told that if there is no ACL and the firewall is down, it's like permit any any. Is this correct? I am trying to set the firewall and ACL on incoming and outgoing to make sure the traffic I want is going through, and I will be back with the results. Thanks, and any other ideas are appreciated.

dwilsonccna
Level 1

I am having a very similar problem through a VPN tunnel between an ASA5510 and an 871 router. If you did resolve this, can you please post how you got this working?

Thank you,

His case may be different from yours. Can you please paste your config to check?

Regards,

I have posted the configuration for the 871W router at the remote side. Thanks for looking at this, it has been driving me crazy!
