Odd that the problem is only occurring on certain machines and not all of them. By default, Windows MTU is 1500 bytes iirc. IPSEC adds another 58 bytes (maximum) onto the packet.

Problematic box is setting the DF bit? A way to fake your way around this is to create a GRE tunnel between the routers, IPSEC the GRE tunnel (tunnel protect or use standard ACLs), and artificially raise the MTU of the tunnel ("ip mtu 1500" under the tunnel interface). That should do the trick.

More reading can be found here:
http://www.cisco.com/warp/public/105/pmtud_ipfrag.html
-matt

"Brandon Vickers"
Sent by: nobody groupstudy.com
04/30/2006 03:47 PM
Please respond to: "Brandon Vickers"
To: cisco groupstudy.com
cc:
Subject: Router to router VPN/MTU issue [7:109433]

I just set up a site to site VPN between a Cisco 831 and Cisco 2621. The tunnel works fine, but I am having trouble with Windows XP remote desktop across the link. It works fine on a couple XP machines, but I get a black screen on another. Research suggests this is caused by an MTU size issue across the VPN. Is there a way I can troubleshoot this and/or change the MTU size on the routers to correct this?

Brandon

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=109435&t=109433
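
The GRE-over-IPsec workaround described in the reply at the top of this thread, written out as an IOS configuration sketch for one router. This is an added example, not configuration posted by either participant; the addresses, key placeholder, and the names GRE-TS and GRE-PROF are constructed, and it assumes an IOS image that supports AES and tunnel protection.

```cisco
! Added example for router A; router B mirrors it with the addresses swapped.
! Constructed values: 203.0.113.1 / 203.0.113.2 stand in for the routers'
! public addresses, 192.168.2.0/24 for the remote LAN, 10.255.0.0/30 for the
! tunnel subnet, and REPLACE_WITH_SHARED_KEY for the pre-shared key.
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 5
crypto isakmp key REPLACE_WITH_SHARED_KEY address 203.0.113.2
!
crypto ipsec transform-set GRE-TS esp-aes 256 esp-sha-hmac
!
crypto ipsec profile GRE-PROF
 set transform-set GRE-TS
!
interface Tunnel0
 ip address 10.255.0.1 255.255.255.252
 ! The setting from the reply: accept full 1500-byte packets into the tunnel
 ip mtu 1500
 tunnel source 203.0.113.1
 tunnel destination 203.0.113.2
 ! The "tunnel protect" option from the reply: encrypt the GRE traffic
 tunnel protection ipsec profile GRE-PROF
!
! Send traffic for the remote LAN through the tunnel
ip route 192.168.2.0 255.255.255.0 Tunnel0
```

After applying it, `show ip interface Tunnel0` reports the tunnel's IP MTU and `show crypto ipsec sa` shows whether packets are being encrypted.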