We have purchased two 2811 routers to use for a site-to-site VPN. Both routers have the VPN AIM. I have everything working in a lab now, but it was a struggle. I'm new to this, so I happily used SDM to configure everything. Initially I used an IPSEC VPN without GRE. Everything went smoothly and I tested the tunnel using SDM and it all checked out. Then when I tried to ping between clients across the tunnel, every other ping request timed out. This was repeatable and occurred regardless of which side of the tunnel the ping was initiated from. Everything else (file transfer, web browsing) was not working.

I started over and used GRE over IPSEC this time and everything began working...sorta. Small data transfers (32 byte ping requests) would work but I couldn't transfer large files across the tunnel. I fixed this by changing the MTU on the tunnel interfaces and on the clients to 1476 bytes to allow for 24 bytes that would be added due to encapsulation (at least I think that's what's going on). Changing the MTU on every client is acceptable for the moment, but it might not be down the road.

If GRE is causing me to change the MTU, it makes me wonder why exactly do I need it? The SDM wizard help says to use GRE to connect remote sites with different network topologies, but that's not what I'm doing. Also, if a non-GRE IPSEC VPN can't get the job done, why is it even included in the wizard?
- posted
17 years ago