[c-nsp] VPN 3000 Connectivity Problems
Ted Mittelstaedt
tedm at toybox.placo.com
Sat Apr 9 23:48:35 EDT 2005
cisco-nsp-bounces at puck.nether.net wrote:
> I'm trying to figure out a connectivity problem with my VPN 3005 box.
>
> I have some applications (windows messanger for exchange and "users
> and computers") that run very slow over the VPN tunnels (ipsec and
> pptp), I thought maybe I had some fragmentation issue.
Why did you think that? Did you run "netstat -s" on the Windows boxes
and see a lot of "Reassembly Required" counts?
I tried the
> usual settings(setting "Fragment prior to IPSec encapsulation without
> Path MTU Discovery (Clear DF bit)") etc. and it doesnt seem to make a
> differance.
>
> I noticed in a debug the following messages when ever I launch
> the applications:
>
Does "netstat -e" show errors? What about your TCP statistics?
Why don't you start by eliminating the VPN as a source of trouble.
Setup a fully patched Windows system on your public network (outside of
the VPN) and a fully patched Windows system that is at the remote site
that is having problems. Make sure both have public IP numbers.
List both systems in each other's LMHOSTS files. Map a share across
the Internet. Copy some files across the share and see if the
connection goes to the dogs.
Your VPN will run like dogmeat if the underlying network itself is
dogmeat. You need to checkout that first for problems.
Ted
More information about the cisco-nsp
mailing list