cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Cisco Community November 2020 Spotlight Award Winners

Users unable to connect to the Exchange server through an IPsec tunnel on the VPN 3000 Concentrator

435
Views
0
Helpful
0
Comments

Core issue

IPsec adds more header to the packets exchanged across the tunnel. This issue can be related to the  fragmentation of packets. Outlook uses Path MTU for the fragmentation policy, but this is not enabled by default on the VPN 3000 Concentrator.

Resolution

Complete these steps to resolve the Path MTU size issue:

  1. Select the Public interface.

  2. Check the IPsec fragmentation policy that you have enabled.

  3. Set this policy to Fragment prior to IPSec encapsulation without Path MTU Discovery (Clear DF bit).

  4. Try the connection again.

Note: Once you change this setting, it brings down all the other tunnels you have at the moment since something has changed to the way the VPN Concentrator must handle the tunnels.

Content for Community-Ad