11-06-2006 04:30 PM - edited 02-21-2020 02:42 PM
I have a site with multiple VPN's configured. Sites with routers (all Cisco) running IOS 12.3 or lower are fine. New routers with IOS 12.4 can establish the VPN link and I can ping the remote networks. When I try to access the Intranet home page from a remote site, the home page appears but I am not able to access any pages. A similar thing is happening with another application (client/server SQL program). The clent (remote site) can logon to the SQL database and perform some task, but then will get a connectivity error. Sites running IOS 12.3 have no such problems.
ANY ideas please?
Solved! Go to Solution.
11-06-2006 09:24 PM
Looks like an MTU issue.
see if you can clear the df-bit in the encrypted packet using the command
crypto ipsec df-bit clear
or
On the outgoing interface use the command ip tcp adjust-mss 1400.
Let me know if it helps
11-06-2006 09:24 PM
Looks like an MTU issue.
see if you can clear the df-bit in the encrypted packet using the command
crypto ipsec df-bit clear
or
On the outgoing interface use the command ip tcp adjust-mss 1400.
Let me know if it helps
11-06-2006 10:22 PM
You Sir (or Madam) are a legend.
I set the crypto ipsec df-bit clear command (in global mode) on both the Head Office and remote routers. Worked immediately. However, this transfered the problem to the routers running IOS 12.3
I then removed the setting on the Head Office router with the command crypto ipsec df-bit copy. Then EVERYONE is happy.
Whoo Hoo.
Many thanks.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide