Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

VPN routing issue

Status
Not open for further replies.

makemorebeer

Technical User
Jun 6, 2007
96
US
it' s been brought to my attention that our VPN has never really worked right. it seems that when people try to access intra net sites from the VPN it tells them website found waiting for reply but the reply never gets there. everything else seems to work fine (ie. VNC, RDP, network folder access, telnet). what could cause these Intra net sites to not function correctly?
 
What kind of VPN? This may sound like an MTU issue...have you tried extended pings with the df bit set?

Burt
 
This is an SSL VPN (WEBVPN). It's running off a dialer interface with an MTU of 1492 (ADSL). I'm not familiar with extended ping. if you could explain I'd be more than happy to give it a go.

Thanks,
Beer

p.s. i did feel it prudent to mention...i found one way for the Intra net sites to work, and that is to link directly to them via the SSLVPN page. once you log in you can be presented with links, and if i run a link from this it works fine, however there is a "?" in the address for all of our intra net sites which is an invalid character as far as the router is concerned. so that's not really a viable option. unless we can get around that.
 
Whatever the ASCII equivalent of ctrl-v is needs to go before the "?", I believe...try that.

Burt
 
I think i may have gotten this one. I have split tunneling setup and i missed adding one of the networks into that. now it all seems to be working correctly. I think. I'm testing it right now. I did try doing "ping x.x.x.x df-bit size xxxx" and found that 1492 can not get through. does it seem normal thought that i had to drop it all the way to 400 before i started getting normal responses? again i'm not sure if this is what you meant by extended pings but that's what i did.
 
That is what I meant by extended pings with the df bit set---it won't fragment, and you can find out what MTU size will get through. 400 does seem pretty low, though...

Burt
 
it was kind of odd. i started at 1492 and started workign my way down. i got to about 400 and it started letting them through, then I felt i should verify it by trying to go back up, and then it let me get al the way back up to 1200 something. i thought that was a bit strange.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top