VPN site-to-site betweem Cisco 1841 and SonicWall 170

Discussion in 'Cisco' started by amitgat@gmail.com, Jan 2, 2006.

  1. Guest

    Hi,

    I'm trying to connect a Cisco 1841 to Sonicwall 170.

    The tunnel is establishing successfully, but I can't ping computers
    from any LAN to the other side of the tunnel.

    When running Tunnel Diagnostics on Cisco SDM I get the following
    report:

    ------------------------------------------------------------
    VPN Troubleshooting Report Details

    Router Details

    Attribute Value
    Router Model 1841
    Image Name c1841-advsecurityk9-mz.124-5.bin
    IOS Version 12.4(5)

    Test Activity Summary

    Activity Status
    Checking the tunnel status... Up

    Test Activity Details

    Activity Status
    Checking the tunnel status... Up
    Encapsulation :0
    Decapsulation :0
    Send Error :0
    Received Error :0

    Troubleshooting Results
    Failure Reason(s)
    A ping with data size of this VPN interface MTU size and 'Do not
    Fragment' bit set to the other end VPN device is failing. This may
    happen if there is a lesser MTU network which drops the 'Do not
    fragment' packets

    Recommended Action(s)
    1)Contact your ISP/Administrator to resolve this issue.
    2)Issue the command 'crypto ipsec df-bit clear' under the VPN interface
    to avoid packets drop due to fragmentation.
    ------------------------------------------------------------

    On the Sonicwall side, I see this message whenever I try to access the
    other side:
    Message - "Malformed or unhandled IP packet dropped"
    Source - <Other Side Public IP>, 0, WAN
    Destination - <Local Side Public IP>
    Notes - IP Protocol 51"

    Do you have any ideas what can I do to fix the tunnel?

    Thanks a lot in advance.

    Amit Gatenyo
    , Jan 2, 2006
    #1
    1. Advertising

  2. nazgulero Guest

    Hello,

    there might be a problem with the MSS size configured on your local LAN
    interface. Try and set this to 1350:

    interface FastEthernet0/0
    ip tcp adjust-mss 1350

    Regards,

    Naz
    a écrit :

    > Hi,
    >
    > I'm trying to connect a Cisco 1841 to Sonicwall 170.
    >
    > The tunnel is establishing successfully, but I can't ping computers
    > from any LAN to the other side of the tunnel.
    >
    > When running Tunnel Diagnostics on Cisco SDM I get the following
    > report:
    >
    > ------------------------------------------------------------
    > VPN Troubleshooting Report Details
    >
    > Router Details
    >
    > Attribute Value
    > Router Model 1841
    > Image Name c1841-advsecurityk9-mz.124-5.bin
    > IOS Version 12.4(5)
    >
    > Test Activity Summary
    >
    > Activity Status
    > Checking the tunnel status... Up
    >
    > Test Activity Details
    >
    > Activity Status
    > Checking the tunnel status... Up
    > Encapsulation :0
    > Decapsulation :0
    > Send Error :0
    > Received Error :0
    >
    > Troubleshooting Results
    > Failure Reason(s)
    > A ping with data size of this VPN interface MTU size and 'Do not
    > Fragment' bit set to the other end VPN device is failing. This may
    > happen if there is a lesser MTU network which drops the 'Do not
    > fragment' packets
    >
    > Recommended Action(s)
    > 1)Contact your ISP/Administrator to resolve this issue.
    > 2)Issue the command 'crypto ipsec df-bit clear' under the VPN interface
    > to avoid packets drop due to fragmentation.
    > ------------------------------------------------------------
    >
    > On the Sonicwall side, I see this message whenever I try to access the
    > other side:
    > Message - "Malformed or unhandled IP packet dropped"
    > Source - <Other Side Public IP>, 0, WAN
    > Destination - <Local Side Public IP>
    > Notes - IP Protocol 51"
    >
    > Do you have any ideas what can I do to fix the tunnel?
    >
    > Thanks a lot in advance.
    >
    > Amit Gatenyo
    nazgulero, Jan 2, 2006
    #2
    1. Advertising

  3. Guest

    Sadly, it didn't work.

    I've set it on the interface that is connected to the LAN
    (FastEthernet0/0) but it didn't do the trick, the tunnel is still being
    created successfully, but I can't ping computers on the remote LAN.
    , Jan 3, 2006
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. jsandlin

    cisco pix to sonicwall vpn...

    jsandlin, Oct 16, 2006, in forum: Cisco
    Replies:
    0
    Views:
    374
    jsandlin
    Oct 16, 2006
  2. Akut
    Replies:
    0
    Views:
    1,133
  3. Replies:
    1
    Views:
    1,454
  4. Fred Martin

    Cisco PIX VPN to SONICWALL PRO4060

    Fred Martin, Sep 25, 2007, in forum: Cisco
    Replies:
    2
    Views:
    891
    Fred Martin
    Oct 2, 2007
  5. Gary
    Replies:
    3
    Views:
    3,105
Loading...

Share This Page