From: amitgat on
Hi,

I'm trying to connect a Cisco 1841 to Sonicwall 170.

The tunnel is establishing successfully, but I can't ping computers
from any LAN to the other side of the tunnel.

When running Tunnel Diagnostics on Cisco SDM I get the following
report:

------------------------------------------------------------
VPN Troubleshooting Report Details

Router Details

Attribute Value
Router Model 1841
Image Name c1841-advsecurityk9-mz.124-5.bin
IOS Version 12.4(5)

Test Activity Summary

Activity Status
Checking the tunnel status... Up

Test Activity Details

Activity Status
Checking the tunnel status... Up
Encapsulation :0
Decapsulation :0
Send Error :0
Received Error :0

Troubleshooting Results
Failure Reason(s)
A ping with data size of this VPN interface MTU size and 'Do not
Fragment' bit set to the other end VPN device is failing. This may
happen if there is a lesser MTU network which drops the 'Do not
fragment' packets

Recommended Action(s)
1)Contact your ISP/Administrator to resolve this issue.
2)Issue the command 'crypto ipsec df-bit clear' under the VPN interface
to avoid packets drop due to fragmentation.
------------------------------------------------------------

On the Sonicwall side, I see this message whenever I try to access the
other side:
Message - "Malformed or unhandled IP packet dropped"
Source - <Other Side Public IP>, 0, WAN
Destination - <Local Side Public IP>
Notes - IP Protocol 51"

Do you have any ideas what I can do to fix the tunnel?

Thanks a lot in advance.

Amit Gatenyo

From: nazgulero on
Hello,

there might be a problem with the MSS size configured on your local LAN
interface. Try and set this to 1350:

interface FastEthernet0/0
 ip tcp adjust-mss 1350

Regards,

Naz

amitgat(a)gmail.com wrote:

> Hi,
>
> I'm trying to connect a Cisco 1841 to Sonicwall 170.
>
> The tunnel is establishing successfully, but I can't ping computers
> from any LAN to the other side of the tunnel.
>
> When running Tunnel Diagnostics on Cisco SDM I get the following
> report:
>
> ------------------------------------------------------------
> VPN Troubleshooting Report Details
>
> Router Details
>
> Attribute Value
> Router Model 1841
> Image Name c1841-advsecurityk9-mz.124-5.bin
> IOS Version 12.4(5)
>
> Test Activity Summary
>
> Activity Status
> Checking the tunnel status... Up
>
> Test Activity Details
>
> Activity Status
> Checking the tunnel status... Up
> Encapsulation :0
> Decapsulation :0
> Send Error :0
> Received Error :0
>
> Troubleshooting Results
> Failure Reason(s)
> A ping with data size of this VPN interface MTU size and 'Do not
> Fragment' bit set to the other end VPN device is failing. This may
> happen if there is a lesser MTU network which drops the 'Do not
> fragment' packets
>
> Recommended Action(s)
> 1)Contact your ISP/Administrator to resolve this issue.
> 2)Issue the command 'crypto ipsec df-bit clear' under the VPN interface
> to avoid packets drop due to fragmentation.
> ------------------------------------------------------------
>
> On the Sonicwall side, I see this message whenever I try to access the
> other side:
> Message - "Malformed or unhandled IP packet dropped"
> Source - <Other Side Public IP>, 0, WAN
> Destination - <Local Side Public IP>
> Notes - IP Protocol 51"
>
> Do you have any ideas what I can do to fix the tunnel?
>
> Thanks a lot in advance.
>
> Amit Gatenyo

From: amitgat on
Sadly, it didn't work.

I've set it on the interface that is connected to the LAN
(FastEthernet0/0), but it didn't do the trick; the tunnel is still being
created successfully, but I can't ping computers on the remote LAN.
