Prev: Using SSH to connect to a Catalyst 1900 switch
Next: Problem with VPN on ASA 5505
From: Dmitry Melekhov on 30 Nov 2007 00:03
On 28 ÎÏÑÂ, 22:43, Dmitry Melekhov <d...(a)belkam.com> wrote:

> btw, it is very strange, but if I set ip mtu less then 120 on far end
> (not otherwise) than large (1500) pings pass.
> looks like something is wrong with ethernet channel.
> but I can't understand what- unencrypted traffic has no problems on
> this channel...

OK. Looks like this is cisco IOS bug.
I replaced 2801 with 2811 on one side and get channel worked for some
time.
Than 2811 hangs :-) , so I replaced ios in 2801 to older one (12.4.13d
afair).
Now channel works for more than hours.
Only "problem" is many messages in 2811 log:
Nov 30 08:55:51.188 SAMT: %CRYPTO-4-IKMP_NO_SA: IKE message from
192.168.200.241 has no SA and is not an initialization offer
Nov 30 08:57:40.754 SAMT: %CRYPTO-4-IKMP_NO_SA: IKE message from
192.168.200.241 has no SA and is not an initialization offer
Nov 30 08:59:40.776 SAMT: %CRYPTO-4-IKMP_NO_SA: IKE message from
192.168.200.241 has no SA and is not an initialization offer

I'm shure this is bug too...
First  |  Prev  | 
Pages: 1 2
Prev: Using SSH to connect to a Catalyst 1900 switch
Next: Problem with VPN on ASA 5505