02-25-2010 08:48 AM - edited 02-21-2020 04:31 PM
Hi,
I have a strange problem... If I establish an IPSec tunnel to an ASA, it comes up but only works if the packet is +/- under 150 bytes... if the packet size is exceeded, the ASA doesn't send it to the IPSec client. The size is related to the type of configured tunnel:

VPN client setup          ping -f -l xxx
IPSec over TCP            152
IPSec over UDP            123
No Transport Tunnelling   115

debug icmp always reports the ping request and reply, but with packet sniffing on the outside VLAN I don't see a reply packet when I try with higher values than those given:
ping 'small':
22 3.748396 x.x.x.x 192.168.y.y ESP ESP (SPI=0x7106d9e3) <- ping request
23 3.748884 192.168.y.y x.x.x.x ESP ESP (SPI=0x05d0db4a) <- ping reply
ping 'big':
27 2.981950 x.x.x.x 192.168.y.y ESP ESP (SPI=0x7106d9e3) <- ping request
missing ping reply!
The problem occurs with any protocol (TCP, UDP, ICMP), and verifying the configuration against another ASA did not reveal notable differences.
The ASA is a 5505 with fw 8.0(4) and IPSec microcode CNlite-MC-IPSECm-MAIN-2.05.
Thanks,
Arturo.
02-25-2010 01:54 PM
This sounds very much like the following bug:
CSCsu26649 Large packets dropped with ip-comp enable configured
Can you confirm that you have "ip-comp enable" in your vpn config? If so, disable that and you should be ok.
Better yet, upgrade to 8.0(5).
hth
Herbert
02-26-2010 12:03 AM
Thank you,
I spent several damned hours trying to determine whether there was some configuration problem, and when I tried it on another device, I suspected that the firmware had something to do with it. But I could not find a way to determine what was happening.... Among other things, the bug does not occur on older versions of the firmware.
Pending the update, I disabled the compression and now it works.
73
Arturo