
Applications over VPN

jerrykenny16
Level 1

I currently have a Cisco 3725 IOS 12.3 at my headquarters, and a 1760 at my field office. I am using a GRE tunnel with EIGRP enabled. The tunnel is up and I can ping and trace route to every device on my network. However, I cannot get applications to work across the tunnel (like Microsoft Outlook). Any suggestions? Thanks


ehirsel
Level 6

Can you post both router configs, scrubbing any sensitive info?

What is the wan/man topology used to connect the 1760 to the 3725 - i.e., frame relay, dsl?

Are you using IPSec as well as GRE?

It could be a path mtu issue, mainly if the routers do not generate icmp unreachable messages. GRE adds 24 bytes of protocol overhead, meaning that the effective mtu as far as the workstation is concerned is 1476, instead of 1500 bytes. If IPSec is used then up to 60 bytes more overhead is used, or 80 depending upon ipsec transport (no new ip header) or tunnel mode (new ip header) use.

We are using IPSec and GRE.

Wan Topology - 3725 T1 - 1760 Cable

I've attached the configs

Thanks a lot

If you have successful IP connectivity between all devices as demonstrated by successful ping and trace between all devices and applications do not run, then my first guess is a problem with MTU.

I see in the 1760 config that you are setting ip mtu on the tunnel to 1420 which should help address this issue. But in my experience it is sometimes not enough. So here are several observations and suggestions.

I notice that you have no ip unreachables configured on the tunnel. No unreachables will break Path MTU discovery. So my first suggestion is to turn on unreachables.

I see that you have configured mtu path discovery. But with no unreachables configured, I am not sure that it can work. So ditto the suggestion in the paragraph above about turning on unreachables.

I see that you are setting ip mtu to 1420. I have a customer who is doing EIGRP and IPSec/GRE tunnels. We found that 1420 was not small enough. With the combination of IPSec/ESP/GRE we experimented and found that 1370 solved our problem.

At that customer I had good experience using the ip tcp adjust-mss command as a way to solve the MTU issue. It is documented to work on physical interfaces (which is where we applied it) and I have heard some discussion that it may also work on the tunnel interface.

Try some or all of these and let me know if it helps.

HTH

Rick

The IP unreachables did the trick. Thanks a lot, I really appreciate it.
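
Added example, not part of the original thread or the posters' configs: it carries the overhead figures from the replies above through the ESP packet layout (header, IV, block padding, ICV) to show why small pings pass while a tunnel ip mtu of 1420 can still exceed a 1500-byte link. The transform sets, the 1500-byte link MTU and the function names are assumptions, since the attached configs are not shown on the page.

```python
# Added example: on-wire size of a GRE packet protected by ESP (RFC 4303 layout).
# Cipher parameters are assumptions; the thread does not show the transform sets.
IP_HDR = 20        # IPv4 header without options
GRE_HDR = 4        # base GRE header (no key, sequence or checksum)
ESP_HDR = 8        # SPI + sequence number
ESP_TRAILER = 2    # pad-length + next-header bytes
TCP_IP_HDRS = 40   # IPv4 + TCP headers without options

# name: (IV bytes, cipher block bytes, ICV bytes)
TRANSFORMS = {
    "3des-sha1": (8, 8, 12),
    "aes-cbc-sha1": (16, 16, 12),
}

def wire_size(inner_len, transform, tunnel_mode=True, nat_t=False):
    """Bytes on the WAN link for one inner IP packet of inner_len bytes."""
    iv, block, icv = TRANSFORMS[transform]
    # Transport mode encrypts GRE header + inner packet and reuses the GRE
    # delivery IP header; tunnel mode encrypts that header too and adds a new one.
    plaintext = GRE_HDR + inner_len + (IP_HDR if tunnel_mode else 0)
    padded = -(-(plaintext + ESP_TRAILER) // block) * block  # round up to block
    udp = 8 if nat_t else 0  # UDP encapsulation header used for NAT traversal
    return IP_HDR + udp + ESP_HDR + iv + padded + icv

def max_tunnel_mtu(link_mtu, transform, tunnel_mode=True, nat_t=False):
    """Largest inner packet that crosses link_mtu without fragmentation."""
    for inner in range(link_mtu, 0, -1):
        if wire_size(inner, transform, tunnel_mode, nat_t) <= link_mtu:
            return inner
    raise ValueError("link MTU too small for this encapsulation")

def report(link_mtu=1500):
    """(transform, mode, max tunnel ip mtu, max TCP MSS) for each combination."""
    rows = []
    for name in TRANSFORMS:
        for tunnel_mode in (False, True):
            mtu = max_tunnel_mtu(link_mtu, name, tunnel_mode)
            mode = "tunnel" if tunnel_mode else "transport"
            rows.append((name, mode, mtu, mtu - TCP_IP_HDRS))
    return rows

if __name__ == "__main__":
    for name, mode, mtu, mss in report():
        print(f"{name:13} {mode:9} ip mtu <= {mtu}  tcp mss <= {mss}")
    # A 1420-byte inner packet in tunnel mode, per assumed transform:
    print(wire_size(1420, "3des-sha1"), wire_size(1420, "aes-cbc-sha1"))
```

Under these assumptions a 1420-byte packet fits the link with 3DES but not with AES-CBC in tunnel mode, and NAT traversal or a smaller WAN MTU lowers the limit further.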