Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
314
Views
0
Helpful
1
Replies

VPNClient-IOS tunnel: ICMP works, TCP doesn't

teschweizer
Level 1
Level 1

‎01-19-2004 12:51 PM - edited ‎03-09-2019 06:10 AM

I have a VPNClient-IOS config on a 2621. I did this config before on a lot of other routers and it always worked just fine.

The VPN builds up perfectly. The problem is that the client can PING the server on the inside, but when the client tries to open a TCP session to the server like telnet o similar, I see the packet arriving at the server, the server answers and the answer gets back to the inside router-interface and gets lost afterwards.

None of the access-list gave any log back on the lost packet. I also removed all the ACL that were not necessary for the VPN connection. There is NAT in place.

Had anyone similar effects? Thanks! Terry

Labels:
0 Helpful
1 Reply 1

mostiguy
Level 6
Level 6

‎01-19-2004 01:02 PM

could it be a MTU issue?

if the clients are windows, try:

ping -l 500 x.x.x.x

-l is size, in bytes. with the overhead of ipsec, normal ethernet mtu of 1500 may be impossible. you might need to hardcode the clients with a smaller mtu. this may all be because path mtu detection is broken somewhere.

0 Helpful
Customers Also Viewed These Support Documents