We have Ms. Proxy Server 2.0 Thomas.
""sam sneed"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > What kind of Proxy server is it? Hopefully UNIX so you can do a tcpdump to > see what is actually getting to it. I'd suggest hooking up some packet > sniffers in differernt places to see what is getting where and you'll be > able to narrow down the problem. > > > > ""Thomas N."" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Thank you All for the confirmation! I used extended ping with DF bit set > as > > Richarde mentioned and found out that the packet size that can fit into > the > > tunnel without fragmentation is much less than 1500 bytes. I also went > over > > couple white papers from Cisco website. They mentions about using "ip tcp > > adjust-mss ", "ip mtu " as well as "tunnel path-mtu-discovery" > > command. I tried to apply these commands on the routers at the 2 > endpoints > > of the tunnel but it still didn't work. I see myself running into the > > confusion and have couple questions regarding: > > > > - What's the difference between "ip tcp adjust-mss " and "ip mtu > > " commands? > > - Which one should I use? or both? > > - Which and where I should apply these commands? on the tunnel interfaces, > > Ethernet segment, or on the Internet interface? > > > > Below is my topology. Client machine needs to pass through the tunnel, > then > > hit the Proxy Server for Internet access. Again, thank you All for the > > HELP!!! > > > > > > Client ---> Fa0/0-RouterA-Fa0/1---> IPSec over GRE > > tunnel --->Fa0/1-RouterB-Fa0/0---> Proxy Server---> Internet > > > > > > > > Thomas > > > > > > > > ""Richard Deal"" wrote in message > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > It's probably an MTU problem. > > > > > > I have an IPSec connection being tunneled via GRE, which in turn, is > > > tunneled by another IPSec connection. Don't ask why I'm doing this :-) > But > > > we had to set the MTU down to 1320 to prevent fragmentation, and thus > > > performance, issues. > > > > > > In your case, you might want to try using the extended ping with the "no > > > fragment" option to determine which MTU size will work in your > situation. > > > > > > Cheers! > > > > > > Richarde > > > ""Thomas N."" wrote in message > > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > > Hi All, > > > > > > > > I am setting up a site-to-site VPN between 2 LANs using Cisco IOS VPN > > > (Cisco > > > > 2600 routers). I could get the tunnel up and running between the two > > LANs > > > > with IPSec over GRE so that I can run EIGRP. Data transfer between 2 > > LANs > > > > across the tunnel looks OK, and all dynamic routes learned with EIGRP. > > > > However, a problem come up when I put a Proxy Server on the first LAN > > and > > > > force Internet traffic from workstations from the second LAN to go out > > > with > > > > this Proxy server. Workstations from the second LAN could browse > > Internet > > > > across the tunnel to reach the Proxy server then hit the Internet; > > > however, > > > > the performance is very poor (seem like browsing over a 56k modem). I > > am > > > > thinking this may be because of fragmentation on the 2 routers. Is > > there > > > > any work around for this issue? If MTU size needs to be adjusted, > what > > > > would be the ideal MTU size for IPSec over GRE tunnel in "tunnel" > mode? > > > > Again, thank you All for the help! > > > > > > > > Thomas N. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=54754&t=54634 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
