Problems with connections through IPSEC tunnel after upgrade IOS

- T
- Tom Pouce
  
  Contact options for registered users
posted
17 years ago

Tue, Nov 28, 2006 3:00 PM

Hi All,

Last Saterday I've upgraded our VPN endpoint router.. Everything looks fine and all Tunnels were up and running. Now we explore some problems with several applications through a tunnel. The problem looks to be related with the MTU size; after setting the MTU site on the clients to 1400 all applications are working fine. I've made no changes to the configuration of the router.

Old IOS: c3640-jk9s-mz.122-23 New IOS: c3640-ik9s-mz.123-14.T7 Remote Site = Checkpoint NGX R60A on Crossbeam platform

Has somebody experienced similary problems ? Is there another solution (then changing the MTU on the clients) ? What is changed int the IOS from 12.2 to12.3 regarding IPSEc tunneling and MTU sizes?

Thanks,

Tom Lauwereins

Loading thread data ...

- B
- Bod43
  
  Contact options for registered users
Vote on answer
posted
17 years ago

Wed, Nov 29, 2006 1:52 AM

12.2(23) to 12.3(14)T7 hmmm!

Do you need T for anything in particular? The Technology Train should only be used if you need the features.

12.3T became 12.4 effectively, and subsequent major changes get put in to 12.4T.

or other is changed and occassionally some defaults are changed.

I am pretty sure that you wil have crossed over some major Crypto/ACLs/NAT changes (at least in they way that they interract).

Perhaps MTU discovery is now broken since ICMP is being blocked?

Best to post the config really.

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.