Cisco 1812 site to site vpn on checkpoint firewall

Discussion in 'Hardware' started by martysharkey, Oct 25, 2006.

    Hi,

    I am a complete novice as far as Cisco goes, but I thought I would have a stab anyway.

    I have a Cisco 1812 router with 2 WAN ports and 8 LAN ports. Int 0 is configured as an outside interface and int 1 as internal. I am within a very complex environment and, due to security restrictions, I am only allowed to use port 500, so troubleshooting outside of this is a nightmare.

    I have been able to create a successful VPN connection to our head office, which uses a Checkpoint firewall to terminate the connection.

    I cannot however ping or access resources on the other end and get a log of bad packets sent very often.

    Using the new Cisco SDM interface I can test the tunnel, and the return is this:

    Router Details

    Attribute      Value
    Router Model   1812W
    Image Name     c181x-advipservicesk9-mz.124-2.XA.bin
    IOS Version    12.4(2)XA
    Hostname       Router


    Test Activity Summary

    Activity Status
    Checking the tunnel status... Up


    Test Activity Details

    Activity Status
    Checking the tunnel status... Up
    Encapsulation :91
    Decapsulation :0
    Send Error :2
    Received Error :0


    Troubleshooting Results

    Failure Reason(s):
    A ping with data size of this VPN interface MTU size and 'Do not Fragment' bit set to the other end VPN device is failing. This may happen if there is a lesser MTU network which drops the 'Do not fragment' packets.

    Recommended Action(s):
    1) Contact your ISP/Administrator to resolve this issue.
    2) Issue the command 'crypto ipsec df-bit clear' under the VPN interface to avoid packets drop due to fragmentation.



    Can anyone advise me of what best to do?
     
    martysharkey, Oct 25, 2006
    #1