Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
839
Views
0
Helpful
2
Replies

VPN site to site double encryption problems

gilsr
Level 1
Level 1

‎07-17-2004 12:24 AM

I want to implement double encryption between two sites.

PIX-Router-Router-PIX

@ ********** @

@@@@@@@@@@@@@@@@@@|

The first tunnel is between two pix 501. Using AES. Everything works fine. Now I add IPsec 3des tunnel between the two routers.

Both tunnel are established.

The problem some application works fine but other not. As example telnet works but SAP gui not.

I use mtu 1400.

There aren’t any error messages in the pix.

In the router i receive the following message:

IPsec (encapsulate) error in encapsulation

Labels:
0 Helpful
2 Replies 2

ehirsel
Level 6
Level 6

‎07-18-2004 06:42 PM

On what device did you adjust the mtu size to 1400 on? The pix or the router? Did you alsomake an adjustment on the tcpmss max size sysopt option on the pix (i.e., instead of using 1380, did you use 1280) - I believe that this needs done even if the mtu of 1400 was set on the pix-to-router interface?

On what router did you receive the error message, the left or the right router, or both - (using your topology diagream)?

0 Helpful

doron_dd2
Level 1
Level 1
In response to ehirsel

‎11-10-2004 01:14 AM

hi

we did the MTU changes in all PIX interface + router.

i change tcpmss max size to 1280 as well.

no change. some aplication like FTP works fine but SAP GUI dont work.

any idea ?

0 Helpful
Customers Also Viewed These Support Documents