09-07-2008 10:57 PM
Hi
I encountered a issue when I tried to setup the VPN between the ASA 5505 (version 8.0) and PIX 515E (version 6.3). The VPN can up and running. From the PC in remote site, it can get the IP from DHCP server in central site through the VPN tunnel, and the ping the DNS are all working correctly. But all applications (email, critrix) are not working fine. Attached are the configurations. Do you have any ideas about this issue?
Thanks. Leo
09-08-2008 10:40 AM
Hello Leo,
If the PING is working then this could be a fragmentation issue . IPsec adds its own header to normal application data packets and this could lead packet size more than 1500 bytes.
Try to adjust TCP MSS value on VPN end devices (Both PIX and ASA in your case)
Try to adjust TCP MSS value on PIX. For ASA check the following link.
sysopt connection tcp-mss MSS_size_in_bytes
example : sysopt connection tcp-mss 1360
You can also find the exact size for your connection using extended ping utility from your workstation as explained in following link .
For PIX and router( as vpn end devices) use following link
For ASA
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00804c8b9f.shtml
HTH
Saju
Please rate if it helps
09-08-2008 04:53 PM
Thanks for your reply. I will try and let you know the result.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide