VPN Lan-to-lan via Wireless Link

News Reader
It's been a while since I needed to address these issues.

I'm using IPSec + GRE in ESP "Transport" mode between sites. When I
researched these issues I concluded that changing the MSS was not
required. An appropriate MTU on the Tunnel interface is all that is

An MTU setting of 1440 should be sufficient for "Transport" mode, and
1420 should be sufficient for "Tunnel" mode. The two modes have
different protection boundaries. A packet is larger when sent in
"Tunnel" mode due to encapsulation of the original IP header.

I have used an MTU of 1400 for years, and have not encountered any
fragmentation issues.

interface Tunnel0
ip mtu 1400

When setting up a "non-GRE" IPSec tunnel between sites, you would want
to be using an ESP transform in "Tunnel" mode.

If you encountered issues in only one direction, you would want to
review your crypto ACLs to be sure that they were mirrored, without any
exceptions. A network sniffer on the WAN port is very useful in
identifying asymmetric operation caused by non-mirrored crypto ACLs.

Best regards,
News Reader

Elia Spadoni wrote:
> Oh sorry.
> I established an IPSec tunnel lan to lan, but it worked in a single
> direction, and have weird problems, pinged all hosts ok.
> When I did gre + ipsec, mtu 1400 and mss 1360 (as use now) everything works
> fine.
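
The mirrored crypto ACL check mentioned in the post above, as an added example that is not part of the original thread: it parses the crypto ACL from each peer and lists every entry that has no source/destination-swapped counterpart on the other side. It assumes numbered extended ACL entries without port qualifiers; the function names and the sample ACLs are constructed for illustration.

```python
import ipaddress

def _take(tokens):
    """Consume one address spec: any | host A.B.C.D | A.B.C.D WILDCARD."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    wild = int(ipaddress.IPv4Address(tokens.pop(0)))
    if wild & (wild + 1):  # wildcard bits must be one contiguous low-order run
        raise ValueError("non-contiguous wildcard not supported")
    return ipaddress.ip_network(f"{first}/{32 - wild.bit_length()}", strict=False)

def parse_entry(line):
    """'access-list N permit|deny PROTO SRC DST' -> (action, proto, src, dst)."""
    tokens = line.split()
    if len(tokens) < 6 or tokens[0] != "access-list":
        raise ValueError(f"not a numbered extended ACL entry: {line!r}")
    action, proto, rest = tokens[2], tokens[3], tokens[4:]
    src = _take(rest)
    dst = _take(rest)
    return (action, proto, src, dst)

def unmirrored(acl_a, acl_b):
    """Return (entries in A with no mirror in B, entries in B with no mirror in A)."""
    a = {parse_entry(line) for line in acl_a}
    b = {parse_entry(line) for line in acl_b}
    def mirror(e):
        return (e[0], e[1], e[3], e[2])  # swap source and destination
    def fmt(e):
        return f"{e[0]} {e[1]} {e[2]} -> {e[3]}"
    return (sorted(fmt(e) for e in a if mirror(e) not in b),
            sorted(fmt(e) for e in b if mirror(e) not in a))

# Constructed sample crypto ACLs (not taken from the thread).
SITE_A = [
    "access-list 101 permit ip 10.1.0.0 0.0.255.255 10.2.0.0 0.0.255.255",
    "access-list 101 permit ip 10.1.50.0 0.0.0.255 10.2.0.0 0.0.255.255",
]
SITE_B = [
    "access-list 101 permit ip 10.2.0.0 0.0.255.255 10.1.0.0 0.0.255.255",
    "access-list 101 deny ip 10.2.0.0 0.0.255.255 host 10.1.50.7",  # one-sided exception
]

if __name__ == "__main__":
    only_a, only_b = unmirrored(SITE_A, SITE_B)
    print("Site A entries with no mirror on B:", only_a)
    print("Site B entries with no mirror on A:", only_b)
```

An entry reported on either side marks traffic that one peer selects for protection and the other does not, which is the one-direction symptom described in the quoted message.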
