Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
346
Views
0
Helpful
2
Replies

Problem with my cisco 871-k9-advsecurity

mathduvar
Level 1
Level 1

‎06-29-2008 12:32 AM - edited ‎03-03-2019 10:32 PM

Hello everybody

i'm actually configure a router cisco 871.

My objectives:

- access to internet

- Create a VPN Site to Site

for the internet connection all is ok

no more problem.

But i have a serios problem with my VPN. I created a VPN-Site-to-Site between this router and Netasq F200. VPN is working but when i want to ping form computer behing my cisco, all is ok i can ping 192.168.6.5 which is my netasq address, i can ping server (192.168.6.1)

but if i want to make a 2048 bytes ping on the netasq i can but if i make

ping -l 2048 192.168.6.1 (the server) i can't i don't have any answer. But i used ethereal on server i see icmp incoming form my computer on the netasq i see the answer which come to the cisco but i don't have any answer on my computer. On ethereal i see that there are fragments i tryed to modify MSS (cause i can't modify MTU) but there were no effect.

Please i need to make ping with 2048 bytes it's for GPO (Windows) I attach config file. I hope u'll help me.

Labels:
Preview file
5 KB
0 Helpful
2 Replies 2

Giuseppe Larosa
Hall of Fame
Hall of Fame

‎06-29-2008 03:26 AM

Hello Mathieu,

you can follow the guidelines of the document

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008081e621.shtml

I would suggest you to reduce the IP MTU with the command ip mtu 1380 under interface vlan1.

MSS applies only to TCP so it isn't effective for ICMP traffic.

hope to help

Giuseppe

0 Helpful

mathduvar
Level 1
Level 1
In response to Giuseppe Larosa

‎06-29-2008 06:59 AM

i already reduced mtu but no way

i cant make ping with 2048 byte on the distant router and it's working but not server behind this router

a little diagram :

IPSec tunnel

internet

Server - - - - ROUTER - - - - - - ROUTER

192.168.0.1 CISCO 871 NETASQ F200

192.168.0.3 192.168.6.5

and behind router i have another server : 192.168.6.1

if i ping (2048) from 192.168.0.1 to 192.168.6.5 it's ok

if i ping (2048) from 192.168.0.1 to 192.168.6.1 no answer

if i ping (normal) form 192.168.6.1 to 192.168.0.3 it's ok

if i ping (2048) from 192.168.6.1 to 192.168.0.3 no answer

it's same if i ping from 192.168.6.1 to 192.168.0.1

i don't understand

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card