04-15-2009 04:21 AM - edited 03-04-2019 04:22 AM
Currently, I have an IPSec VPN tunnel that is working between a Juniper M7i router and Cisco 3845 router. The Juniper M7i is in the corporate Internet Gateway while the Cisco 3845 is located at a new remote site we are trying to bring up. I have no issues pinging or tracerouting from the corporate network to the loopback or LAN ethernet interfaces on the Cisco. However, as soon as I try to ping one hop away from the Cisco LAN interface, I receive 50% packet loss. The Cisco LAN interface directly connects to the LAN switch at the remote site and there are no error between the Cisco interface and LAN switch's interface. I am thinking that there might be something wrong with the Cisco putting the packets in the VPN tunnel. Any help will be appreciated. The Cisco and Juniper configuration are attached.
04-15-2009 05:38 AM
Please check the mtu of both the cisco router and juniper router and ensure they are same. If they are same can increase them?
04-15-2009 06:24 AM
On the Juniper, I can easily change the MTU size on the tunnel-rule-1.
How do I tell what the MTU is on the Cisco and how do I change the MTU? Can I change the MTU on the crypto map?
Thanks.
04-15-2009 07:41 AM
ip mtu bytes ....
Please check this link perhaps it helps
04-16-2009 04:25 AM
Thank you for the help. We found it was the Cisco having the problem. We had to turn off ip cef and ip route cache directly on the interface where the cryto map is and that fixed the problem.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide