Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
233
Views
0
Helpful
1
Replies

831/3005 Problaem

harrylawhorn
Level 1
Level 1

‎05-20-2006 03:39 AM - edited ‎03-09-2019 02:58 PM

Hello, I have a 831 VPN user that has just changed ISP's from Comcast to Verizon. Her new connection comes up and the VPN connection looks good on our 3005 concentrator. Her 7960 IP Phone works fine but none of her Windows PC's seem to work correctly. The PC's take forever to boot up and once they do, they cannot browse the network and connect to M$ Exchange. IP pings work fine as well as the IP Phone. Nothing on the VPN has changed except now the connection is NAT-T. I have onther 831 users that are working fine with NAT-T.

I did not run the SDM Security function on this router.

Any Ideals?

Thanks, HARRY

Labels:
0 Helpful
1 Reply 1

rkazmierczak
Level 1
Level 1

‎05-20-2006 04:37 AM

It looks like mss and fragmentation problem. You can test it by doing pings with fixed sized packets and with DF bit set. generally using ip tcp mss-adjust on the inside interface on both sides on the tunnel (setting it to about 1380) should help. I also use crypto ipsec df-clear so that the DF bit is removed if any of the hosts attempts to set it.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents