VPN connection fails.
Tina Bird
tbird at PRECISION-GUESSWORK.COM
Thu Aug 10 13:12:34 EDT 2000
Hi Craig --
Yes, we noticed that file transfers and database transactions
started failing when we did the upgrade -- better than the
keys failing to generate, but not much! Cisco has released
yet another version of IOS that has a fix for the MTU issue,
but I haven't tested it yet (and having gotten burned with
this on the last upgrade...).
For now, we're just manually disabling PATH_MTU_DISCOVERY
on the systems on both ends of the VPN. Ugly, but effective.
Anyone else out there had any experience with this?
On Thu, 10 Aug 2000, Craig Illman wrote:
> Date: Thu, 10 Aug 2000 06:25:29 -0700
> From: Craig Illman <Craig.Illman at PACCAR.com>
> To: 'Tina Bird' <tbird at PRECISION-GUESSWORK.COM>
> Subject: RE: VPN connection fails.
>
> I've tried 12.1.1 IOS and had major interoperability issues with my Nortel
> Contivity. Some applications would work fine and others fail at a given
> point. Are you implying that the fragmentation of large packets for
> encapsulation is a problem with 12.1.1? How did you work around it?
>
> -----Original Message-----
> From: Tina Bird [mailto:tbird at PRECISION-GUESSWORK.COM]
> Sent: Wednesday, August 09, 2000 1:44 PM
> To: VPN at SECURITYFOCUS.COM
> Subject: Re: VPN connection fails.
>
>
> Hi Gowri --
>
> This is a known bug in the 12.0(x) versions of IOS. If
> you talk to the TAC, you can download a 12.1x version which
> definitely fixes this bug (we've done that). But be careful
> about PATH_MTU_DISCOVERY if you're using applications that
> generate large packets.
>
> Good luck -- Tina Bird
>
> On Wed, 9 Aug 2000, Gowri Shankar Bhogisetty wrote:
>
> > Date: Wed, 9 Aug 2000 22:25:03 +0530
> > From: Gowri Shankar Bhogisetty <gowrishankar.setty at WIPRO.COM>
> > To: VPN at SECURITYFOCUS.COM
> > Subject: VPN connection fails.
> >
> > Hi ,
> >
> > We are established VPN connectivity between 2611 cisco router and
> > Netscreen VPN .
> >
> > What is happening the When the SA expires at 3600 seconds, the IOS fails
> > to
> > negotiate a new security association and we will be getting the error
> > 2d03h: IPSEC(epa_des_crypt): decrypted packet failed SA identity check.
> >
> > We were using Cisoc IOS c2600-js56i-mz.120-5.XK1 with 45MB RAM .
> >
> > Can you please help me ,it willbe a great help.
> >
> > Thanks and regards
> >
> > Gowri Shankar
> >
> > --
> > *************************************************************
> > B.GOWRI SHANKAR
> > NETWORK ANALYST
> > IT MANAGEMENT GROUP
> > WIPRO TECHNOLOGIES
> > 72,ELECTRONICS CITY ,HOSUR MAIN ROAD,
> > BANGALORE - 521 229,INDIA
> > TEL: 91-80-8522280
> > EMAIL:gowrishankar.setty at wipro.com
> > www.wipro.com
> > The World's First SEI CMM level 5 Software Services Company
> > *************************************************************
> >
> >
>
> VPN: http://kubarb.phsx.ukans.edu/~tbird/vpn.html
> life: http://kubarb.phsx.ukans.edu/~tbird
> work: http://www.counterpane.com
>
> VPN is sponsored by SecurityFocus.COM
>
VPN: http://kubarb.phsx.ukans.edu/~tbird/vpn.html
life: http://kubarb.phsx.ukans.edu/~tbird
work: http://www.counterpane.com
VPN is sponsored by SecurityFocus.COM
More information about the VPN
mailing list