vpn

Stephen Hope shope at ENERGIS-EIS.CO.UK
Tue Sep 12 07:26:02 EDT 2000


Andrew,

It sounds like a packet size issue.

Windows browsers tend to set the "do not fragment" bit in packets, so the
encapsulation overhead may push the router past the allowed packet size.

You may need to allow some ping packets through to do MTU discovery, or
change some registry variables - maybe others here could comment exactly
what they are likely to be?

Try altering the MTU on the browser PC - if you set this to say 1400 bytes
and it fixes the problem then you have confirmed it is probably packet size.

More generally, I suggest you use a later code version - 12.07 or later
seems much more stable than previous versions.

Stephen Hope C. Eng, Network Consultant, shope at energis-eis.co.uk,
Energis Integration Services Ltd, WWW: http://www.energis-eis.co.uk
Carrington Business Park, Carrington, Manchester , UK. M31 4ZU
Tel: +44 (0)161 776 4190 Mob: +44 (0)7767 256 180 Fax: +44 (0)161 776 4189


> -----Original Message-----
> From: Andrew.Fletcher at TAYWOOD.CO.UK
> [mailto:Andrew.Fletcher at TAYWOOD.CO.UK]
> Sent: Saturday, September 09, 2000 12:53 PM
> To: VPN at SECURITYFOCUS.COM
> Subject: vpn
>
>
> Problem:
> I have a point to point IPSec VPN configured on Cisco 1720 Routers (IOS
> Version 12.0(2a)T1). The VPN appears to be functioning normally for all
> protocols except for HTTP. Remote Users connecting to Microsoft IIS/4.0
> (NT4.0 SP5) websites fail with a timeout, however connection to a Unix
> Apache 1.3.1 works fine. On comparing protocol analyser traces the only
> apparent difference is the frame size negotiated in the TCP Header. On
> IIS4, TCP sets mss to 1460. On Apache mss is set to 512. I suspect the
> problem may be due to IP fragmentation. Any ideas would be greatly
> appreciated.
>
> Additional info:
> On the remote network we also have a Shiva remote access server. When I
> dial into this and connect through the VPN to IIS4 website, this works
> fine. Again the network analyser shows the TCP mss set to 536 bytes
> which appears to be acceptable.
>
>
> Regards
>
> Andrew
>
>
> Andrew Fletcher
> IT Operations
> Taylor Woodrow Construction Limited
> 345 Ruislip Road, Southall, Middlesex, UB1 2QX.
>
> Tel:   +44 (0)20.8575.4070
> Fax: +44 (0)870.160.3814
>
> mailto:andrew.fletcher at taywood.co.uk
>
>
>


VPN is sponsored by SecurityFocus.COM
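
An added example (not part of the original posts) that works through the packet-size arithmetic discussed in this thread for the MSS values mentioned (1460, 536, 512) and for a client MTU of 1400 bytes. The ESP tunnel-mode transform (3DES-CBC with HMAC-SHA1-96), the 1500-byte path MTU and the function names are assumptions; the thread does not state them.

```python
# Added example. Assumed: IPv4, ESP tunnel mode, 3DES-CBC (8-byte block and IV),
# HMAC-SHA1-96 (12-byte ICV), 1500-byte MTU on the path between the routers.
IP_HDR = 20       # IPv4 header without options
TCP_HDR = 20      # TCP header without options
ESP_HDR = 8       # SPI + sequence number
ESP_TRAILER = 2   # pad-length and next-header bytes
LINK_MTU = 1500   # assumed Ethernet MTU


def esp_tunnel_size(inner_len, block=8, iv=8, icv=12):
    """Size of the outer IPv4 packet after ESP tunnel-mode encapsulation."""
    # The inner packet plus ESP trailer is padded up to the cipher block size.
    padded = -(-(inner_len + ESP_TRAILER) // block) * block
    return IP_HDR + ESP_HDR + iv + padded + icv


def verdict(mss, mtu=LINK_MTU):
    """Return (inner, outer, outcome) for a full-sized TCP segment with DF set."""
    inner = IP_HDR + TCP_HDR + mss
    outer = esp_tunnel_size(inner)
    # With DF set the oversized packet cannot be fragmented, so it is dropped.
    # If the resulting ICMP error never reaches the sender, the session stalls.
    return inner, outer, "fits" if outer <= mtu else "dropped (DF set)"


def max_safe_mss(mtu=LINK_MTU):
    """Largest MSS whose encapsulated full-sized segment still fits in mtu."""
    mss = mtu - IP_HDR - TCP_HDR
    while esp_tunnel_size(IP_HDR + TCP_HDR + mss) > mtu:
        mss -= 1
    return mss


if __name__ == "__main__":
    # 1460: IIS4 trace; 512: Apache trace; 536: dial-in trace;
    # 1360: the MSS that results from a 1400-byte MTU on the browser PC.
    for mss in (1460, 536, 512, 1400 - IP_HDR - TCP_HDR):
        inner, outer, outcome = verdict(mss)
        print(f"MSS {mss:4d}: inner {inner:4d} -> outer {outer:4d}  {outcome}")
    print("largest MSS that fits:", max_safe_mss())
```

Under these assumptions the encapsulation adds 52 to 59 bytes depending on padding, so only the 1460-byte MSS produces packets larger than the path MTU.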



