Cisco Support Community
Community Member

Problem with my cisco 871-k9-advsecurity

Hello everybody,

I'm currently configuring a Cisco 871 router.

My objectives:

- Access to the Internet

- Create a site-to-site VPN

For the Internet connection all is OK, no more problems.

But I have a serious problem with my VPN. I created a site-to-site VPN between this router and a Netasq F200. The VPN is working, but when I want to ping from a computer behind my Cisco, all is OK: I can ping 192.168.6.5, which is my Netasq address, and I can ping the server (192.168.6.1).

But if I want to make a 2048-byte ping to the Netasq, I can, but if I run

ping -l 2048 192.168.6.1 (the server), I can't; I don't get any answer. But I used Ethereal: on the server I see the ICMP incoming from my computer, on the Netasq I see the answer which comes to the Cisco, but I don't get any answer on my computer. In Ethereal I see that there are fragments. I tried to modify the MSS (because I can't modify the MTU) but there was no effect.

Please, I need to be able to ping with 2048 bytes; it's for GPO (Windows). I attach the config file. I hope you'll help me.

2 REPLIES
Hall of Fame Super Silver

Re: Problem with my cisco 871-k9-advsecurity

Hello Mathieu,

You can follow the guidelines in this document:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008081e621.shtml

I would suggest reducing the IP MTU with the command ip mtu 1380 under interface vlan1.

MSS applies only to TCP, so it isn't effective for ICMP traffic.

Hope this helps.

Giuseppe
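
An added example (not part of Giuseppe's reply or the original thread): how a Windows `ping -l 2048` echo request is split into IPv4 fragments at the default 1500-byte MTU and at the suggested `ip mtu 1380`. It assumes a 20-byte IP header without options and does not count IPsec/ESP overhead; the function names are illustrative.

```python
# Added example: IPv4 fragmentation plan for "ping -l N" at a given IP MTU.
ICMP_HEADER = 8   # ICMP echo header, bytes
IP_HEADER = 20    # IPv4 header without options (assumption)


def fragment_plan(ip_payload_len, mtu, ip_header=IP_HEADER):
    """Return [(offset_bytes, data_len, ip_total_len, more_fragments), ...]."""
    if mtu < ip_header + 8:
        raise ValueError("MTU too small to carry any fragment data")
    if ip_payload_len + ip_header <= mtu:
        # Fits in one packet: no fragmentation needed.
        return [(0, ip_payload_len, ip_payload_len + ip_header, False)]
    # Fragment offsets are counted in 8-byte units, so every fragment
    # except the last must carry a multiple of 8 data bytes.
    max_data = (mtu - ip_header) // 8 * 8
    plan, offset = [], 0
    while offset < ip_payload_len:
        data = min(max_data, ip_payload_len - offset)
        more = offset + data < ip_payload_len
        plan.append((offset, data, data + ip_header, more))
        offset += data
    return plan


def ping_plan(ping_size, mtu):
    """Plan for an ICMP echo carrying ping_size data bytes (ping -l)."""
    # No TCP segment is involved, so a TCP MSS setting never enters
    # this calculation; only the IP MTU decides the fragment sizes.
    return fragment_plan(ping_size + ICMP_HEADER, mtu)


if __name__ == "__main__":
    for mtu in (1500, 1380):
        print(f"ping -l 2048, IP MTU {mtu}:")
        for off, data, total, mf in ping_plan(2048, mtu):
            # Only the fragment at offset 0 contains the ICMP header.
            print(f"  offset={off:<5} data={data:<5} ip_len={total:<5} MF={int(mf)}")
```

The `ip_len` values are what to look for in the capture on each side of the tunnel: the sizes of the fragments that arrive show which MTU was actually applied when the packet was split.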

Community Member

Re: Problem with my cisco 871-k9-advsecurity

I already reduced the MTU, but no way.

I can't make a ping with 2048 bytes on the distant router and it's working but not the server behind this router.

A little diagram:

                    IPSec tunnel
                      internet
Server - - - - ROUTER - - - - - - ROUTER
192.168.0.1    CISCO 871          NETASQ F200
               192.168.0.3        192.168.6.5

And behind the router I have another server: 192.168.6.1

If I ping (2048) from 192.168.0.1 to 192.168.6.5, it's OK.

If I ping (2048) from 192.168.0.1 to 192.168.6.1, no answer.

If I ping (normal) from 192.168.6.1 to 192.168.0.3, it's OK.

If I ping (2048) from 192.168.6.1 to 192.168.0.3, no answer.

It's the same if I ping from 192.168.6.1 to 192.168.0.1.

I don't understand.
