Problems with connections through IPSEC tunnel after upgrade IOS

Hi All,

Last Saterday I've upgraded our VPN endpoint router.. Everything looks fine and all Tunnels were up and running. Now we explore some problems with several applications through a tunnel. The problem looks to be related with the MTU size; after setting the MTU site on the clients to 1400 all applications are working fine. I've made no changes to the configuration of the router.

Old IOS: c3640-jk9s-mz.122-23 New IOS: c3640-ik9s-mz.123-14.T7 Remote Site = Checkpoint NGX R60A on Crossbeam platform

Has somebody experienced similary problems ? Is there another solution (then changing the MTU on the clients) ? What is changed int the IOS from 12.2 to12.3 regarding IPSEc tunneling and MTU sizes?


Tom Lauwereins

Reply to
Tom Pouce
Loading thread data ...

12.2(23) to 12.3(14)T7 hmmm!

Do you need T for anything in particular? The Technology Train should only be used if you need the features.

12.3T became 12.4 effectively, and subsequent major changes get put in to 12.4T.

or other is changed and occassionally some defaults are changed.

I am pretty sure that you wil have crossed over some major Crypto/ACLs/NAT changes (at least in they way that they interract).

Perhaps MTU discovery is now broken since ICMP is being blocked?

Best to post the config really.

Reply to
Bod43 Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.