Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

VPN routing issue

Status
Not open for further replies.
makemorebeer

makemorebeer

Technical User
Jun 6, 2007
96
US
it' s been brought to my attention that our VPN has never really worked right. it seems that when people try to access intra net sites from the VPN it tells them website found waiting for reply but the reply never gets there. everything else seems to work fine (ie. VNC, RDP, network folder access, telnet). what could cause these Intra net sites to not function correctly?
 
Sort by date Sort by votes
What kind of VPN? This may sound like an MTU issue...have you tried extended pings with the df bit set?

Burt
 
Upvote 0 Downvote
This is an SSL VPN (WEBVPN). It's running off a dialer interface with an MTU of 1492 (ADSL). I'm not familiar with extended ping. if you could explain I'd be more than happy to give it a go.

Thanks,
Beer

p.s. i did feel it prudent to mention...i found one way for the Intra net sites to work, and that is to link directly to them via the SSLVPN page. once you log in you can be presented with links, and if i run a link from this it works fine, however there is a "?" in the address for all of our intra net sites which is an invalid character as far as the router is concerned. so that's not really a viable option. unless we can get around that.
 
Upvote 0 Downvote
Whatever the ASCII equivalent of ctrl-v is needs to go before the "?", I believe...try that.

Burt
 
Upvote 0 Downvote
I think i may have gotten this one. I have split tunneling setup and i missed adding one of the networks into that. now it all seems to be working correctly. I think. I'm testing it right now. I did try doing "ping x.x.x.x df-bit size xxxx" and found that 1492 can not get through. does it seem normal thought that i had to drop it all the way to 400 before i started getting normal responses? again i'm not sure if this is what you meant by extended pings but that's what i did.
 
Upvote 0 Downvote
That is what I meant by extended pings with the df bit set---it won't fragment, and you can find out what MTU size will get through. 400 does seem pretty low, though...

Burt
 
Upvote 0 Downvote
it was kind of odd. i started at 1492 and started workign my way down. i got to about 400 and it started letting them through, then I felt i should verify it by trying to go back up, and then it let me get al the way back up to 1200 something. i thought that was a bit strange.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Pankaj88
  • Locked
  • Question
BGP Routing Clarification
Replies
0
Views
128
Pankaj88
Pankaj88
quazimotto
  • Locked
  • Question
Cisco ASA_5505 VPN to Juniper_SRX210 VPN IS UP_ No Traffic!!!!!!
Replies
0
Views
74
quazimotto
quazimotto
phonedudeSr
  • Locked
  • Question
Cisco Unity Connection Subscriber issue
Replies
2
Views
115
phonedudeSr
phonedudeSr
mikey789
  • Locked
  • Question
Can 4000-M Routing VLANs ?
Replies
0
Views
75
mikey789
mikey789
HollTel
  • Locked
  • Question
Cisco UC520 Shared Line issue
Replies
0
Views
63
HollTel
HollTel

Part and Inventory Search

Sponsor

Back
Top