Velocity Reviews

Velocity Reviews (http://www.velocityreviews.com/forums/index.php)
-   Cisco (http://www.velocityreviews.com/forums/f27-cisco.html)
-   -   VPN tunnel drops fragments (http://www.velocityreviews.com/forums/t379753-vpn-tunnel-drops-fragments.html)

profile0104 11-20-2006 06:09 PM

VPN tunnel drops fragments
 
Hello

I'm experiencing a strange problem with a GRE over IPSec tunnel between
two Cisco routers.

The configuration is tested and has been working for a long time,
except for a single application. This client-server application works
on UDP and this is what happens:

1) app-client generates a 1800 bytes UDP packet
2) packet is fragmented 1500 + 300 by the first router met
3) the two fragmented packets (1500 and 300) hit the VPN tunnel
interface but they don't make it to the other side of the tunnel. It
looks as they're silently dropped, app-server never sees them.

The tunnel works in transport mode and ip mtu is set to 1440 bytes, the
load on the VPN routers is very very low. The tunnel perfectly
fragments packets bigger than 1440 but smaller than 1500

Thank you for any advice


Martin Bilgrav 11-20-2006 09:43 PM

Re: VPN tunnel drops fragments
 
Not sure but maybe this :

http://www.cisco.com/en/US/products/...html#wp1029667


"profile0104" <profile0104@yahoo.com> wrote in message
news:1164046144.617166.295870@f16g2000cwb.googlegr oups.com...
> Hello
>
> I'm experiencing a strange problem with a GRE over IPSec tunnel between
> two Cisco routers.
>
> The configuration is tested and has been working for a long time,
> except for a single application. This client-server application works
> on UDP and this is what happens:
>
> 1) app-client generates a 1800 bytes UDP packet
> 2) packet is fragmented 1500 + 300 by the first router met
> 3) the two fragmented packets (1500 and 300) hit the VPN tunnel
> interface but they don't make it to the other side of the tunnel. It
> looks as they're silently dropped, app-server never sees them.
>
> The tunnel works in transport mode and ip mtu is set to 1440 bytes, the
> load on the VPN routers is very very low. The tunnel perfectly
> fragments packets bigger than 1440 but smaller than 1500
>
> Thank you for any advice
>




profile0104 11-22-2006 06:25 PM

Re: VPN tunnel drops fragments
 
Thank you Martin, but my routers are two 2691 and I don't think there's
a similar command for them

Martin Bilgrav wrote:
> Not sure but maybe this :
>
> http://www.cisco.com/en/US/products/...html#wp1029667
>
>
>




All times are GMT. The time now is 04:50 AM.

Powered by vBulletin®. Copyright ©2000 - 2014, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.