Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > Cisco 1721 831 VPN Setup

Reply
Thread Tools

Cisco 1721 831 VPN Setup

 
 
Sam Cole
Guest
Posts: n/a
 
      11-19-2004
I have a problem with the setup of a pure Cisco VPN
At one end I have a 1721 router and at the other ends I have two 831
routers.
I am using site to site VPN and the good news is both VPN tunnels are
up and running. 

The bad news is that one of the tunnels will not allow all services to
operate through it
A ping of packets up to 1400 in size is fine and responds in an
expected amount of time. However when I try a more complex thing like
Terminal Services (RDP) I have problem in that it only displays a
black screen. Mapping a drive will also fail. But the pings carry on
with 100% success. The MTU has not been changed on the router from the
default size

The thing that makes it really strange is that the two 831's have an
identical config (apart from ip addresses) and the other 831 worked
out of the box with out any problems.

I have the configs if that would help but I will edit them to remove
ip addresses and logins before I post them

Has anyone got any ideas on if the problem is at the 1721 end or the
831 end? I have spent far too long on this now so any help or requests
for further information email me or post to Aid others
Sam
 
Reply With Quote
 
 
 
 
PES
Guest
Posts: n/a
 
      11-19-2004
Sam Cole wrote:
> I have a problem with the setup of a pure Cisco VPN
> At one end I have a 1721 router and at the other ends I have two 831
> routers.
> I am using site to site VPN and the good news is both VPN tunnels are
> up and running. 
>
> The bad news is that one of the tunnels will not allow all services to
> operate through it
> A ping of packets up to 1400 in size is fine and responds in an
> expected amount of time. However when I try a more complex thing like
> Terminal Services (RDP) I have problem in that it only displays a
> black screen. Mapping a drive will also fail. But the pings carry on
> with 100% success. The MTU has not been changed on the router from the
> default size
>
> The thing that makes it really strange is that the two 831's have an
> identical config (apart from ip addresses) and the other 831 worked
> out of the box with out any problems.
>
> I have the configs if that would help but I will edit them to remove
> ip addresses and logins before I post them
>
> Has anyone got any ideas on if the problem is at the 1721 end or the
> 831 end? I have spent far too long on this now so any help or requests
> for further information email me or post to Aid others
> Sam


PMTUD is definitely broken either by you or the ISP. First off on your
routers inside interfaces make sure you haven't set no ip unreachables.
Make sure that your outside access lists aren't blocking type 3 code
4. You could then try to prove to the isp that they are breaking pmtud
but that would probably be fruitless. If you wanted to do that, use a
packet genereator like Nemesis to push icmp type 3 code 4 from one end
to the other and then back the other way. Is one end pppoe? If so,
drop the mtu on the other end to 1492. Also, I always recommend using
the ip tcp adjust-mss on pppoe routers due to some isps breaking pmtud.
Normally this would be set 1452 with pppoe and should be set on one of
the interfaces the packet would traverse. You will want to drop this
until it works as expected maybe 1380. I don't have all of the details
of the tunnel and I don't have time to do the math this morning. You
need to keep dropping the mtu until packets greater than the mtu without
the df bit set will go through and come back.

--
-------------------------
Paul Stewart
Lexnet Inc.
Email address is in ROT13
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Cisco router 831 PPTP VPN setup Tom Edelbrok Cisco 1 09-11-2005 10:56 AM
Cisco 831 VPN to Cisco 3030 Security DavidK Cisco 1 03-08-2005 03:38 PM
site to site vpn cisco 1721<->831 Ligiu Uiorean Cisco 0 11-09-2004 11:38 AM
Can a Cisco 831 establish a VPN tunnel via a Cisco 2620? Hank Arnold Cisco 0 01-15-2004 10:58 AM
Can this be done cisco 831 vpn into another 831? Jimmyzshack Cisco 1 11-19-2003 09:09 PM



Advertisments