Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
622
Views
0
Helpful
1
Replies

Cannot RDP through IPSEC between Firepowers 1010 and 1140

MXUser
Level 1
Level 1

‎05-27-2021 12:52 PM - edited ‎05-27-2021 12:54 PM

Hi All

 

I cannot RDP nor smb or access resources over an IPSec VPN tunnel between 2 Cisco firepowers, one is 1010 the other 1140

to note:

- I can ping fine both ways

- ACL not an issue as policy is to allow any port on both ends and ping works

- IPSEC configured on both towards Azure VPN gateway, and on both these tunnels RDP is possible

I suspect the MTU maximum session size is the culprit.. when I ping with packets less than 1350 (size changes, but varies between 1350 and 1400) I get the below response: ping -l 1400 192.168.1.1 -f ----> Packet needs to be fragmented but DF set

If so, how to configure the mss through Flexconfig Sysopt_basic ? there are no templates on the Firepowers.. and the CLI is too basic..

If not, what might be the issue?

 

Thank you

 

0 Helpful
1 Reply 1

MSakr
Level 1
Level 1

‎06-04-2021 08:46 AM - edited ‎06-04-2021 08:47 AM

Hi All

 

Seems a firewall in between that was blocking traffic ..

0 Helpful
Customers Also Viewed These Support Documents