Site to site VPN issue - Problem with IOS 12.4?

ecn1
Level 1

I have a site with multiple VPNs configured. Sites with routers (all Cisco) running IOS 12.3 or lower are fine. New routers with IOS 12.4 can establish the VPN link and I can ping the remote networks. When I try to access the Intranet home page from a remote site, the home page appears but I am not able to access any pages. A similar thing is happening with another application (client/server SQL program). The client (remote site) can log on to the SQL database and perform some tasks, but then will get a connectivity error. Sites running IOS 12.3 have no such problems.

ANY ideas please?

Accepted Solutions

attrgautam
Level 5

Looks like an MTU issue.

See if you can clear the df-bit in the encrypted packet using the command

crypto ipsec df-bit clear

or

On the outgoing interface use the command ip tcp adjust-mss 1400.

Let me know if it helps.

You Sir (or Madam) are a legend.

I set the crypto ipsec df-bit clear command (in global mode) on both the Head Office and remote routers. Worked immediately. However, this transferred the problem to the routers running IOS 12.3.

I then removed the setting on the Head Office router with the command crypto ipsec df-bit copy. Then EVERYONE is happy.

Whoo Hoo.

Many thanks.
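
Added example, not part of the original thread: the ESP tunnel-mode size arithmetic behind the MTU diagnosis above, showing how large a TCP segment becomes once encrypted and which MSS keeps it within the path MTU. The two transform sets, the 1500-byte path MTU and the absence of NAT-T or GRE are assumptions; the thread does not state them.

```python
# Added example: ESP tunnel-mode packet sizes (assumed transforms, no NAT-T, no GRE).
IP_HDR = 20        # outer IPv4 header, no options
ESP_HDR = 8        # SPI + sequence number
ESP_TRAILER = 2    # pad-length byte + next-header byte
TCP_IP_HDRS = 40   # inner IPv4 + TCP headers, no options

# transform set -> (cipher block size, IV length, ICV length) in bytes.
# Assumed values; check the transform set actually configured on the tunnel.
TRANSFORMS = {
    "esp-3des esp-sha-hmac": (8, 8, 12),
    "esp-aes esp-sha-hmac": (16, 16, 12),
}

def esp_packet_size(inner_len, transform):
    """Size on the wire of an inner IP packet after ESP tunnel-mode encapsulation."""
    block, iv, icv = TRANSFORMS[transform]
    # Payload plus trailer is padded up to a multiple of the cipher block size.
    padded = -(-(inner_len + ESP_TRAILER) // block) * block
    return IP_HDR + ESP_HDR + iv + padded + icv

def max_inner_packet(path_mtu, transform):
    """Largest inner IP packet that still fits the path MTU once encrypted."""
    block, iv, icv = TRANSFORMS[transform]
    room = path_mtu - (IP_HDR + ESP_HDR + iv + icv)
    return (room // block) * block - ESP_TRAILER

def max_mss(path_mtu, transform):
    """Largest TCP MSS whose full-size segment needs no fragmentation."""
    return max_inner_packet(path_mtu, transform) - TCP_IP_HDRS

def report(path_mtu=1500, mss_values=(1460, 1400)):
    """Rows of (transform, mss, encrypted size, fits path MTU?)."""
    rows = []
    for name in TRANSFORMS:
        for mss in mss_values:
            outer = esp_packet_size(mss + TCP_IP_HDRS, name)
            rows.append((name, mss, outer, outer <= path_mtu))
    return rows

if __name__ == "__main__":
    for name, mss, outer, fits in report():
        verdict = "fits" if fits else "exceeds"
        print(f"{name:24} MSS {mss}: {outer} bytes, {verdict} a 1500-byte path")
    for name in TRANSFORMS:
        print(f"{name:24} largest MSS without fragmentation: {max_mss(1500, name)}")
```

A full-size segment that exceeds the path MTU after encryption must be fragmented or dropped, which matches the symptom in the question: small packets (pings, the login exchange) pass while full-size data transfers stall.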