> All,
>
> I need some help before I begin pulling my hair out. Here is the
> situation.
>
> M0n0wall-----Internet-----Cisco831
>
> I have the tunnel up between these 2 devices and I know everything is
> set up properly, as I can ping from one LAN subnet to the other. I can
> also ssh from behind the LAN subnet of the monowall to the LAN subnet
> of the 831. Now everyone is saying, OK, so what's wrong? Well, when I try
> to RDP or send what seems to be any heavy traffic like RDP, file copy,
> etc., it opens up the resources but never completes. Let me try to
> explain better: on a file copy, I attach to the share, it asks for a
> username and password, I put them in and see the file share, but when I go to
> copy, it hangs up and locks up that session. If I RDP to a box from the
> monowall subnet to the other subnet, it brings up the screen, I put in
> the username and password, and it seems as if it is going to log me in,
> but it just locks up the session.
>
> Now, from the 831 LAN subnet they can do anything they want to; it
> looks as if they are sitting on my local subnet behind the monowall.
> They have no issues at all. Every service works great: file sharing,
> RDP, they can even print to my subnet. It seemed like an MTU issue at
> first, so I tried changing it on both sides and that did not make any
> difference. I have taken all other access-lists on the 831 off to make
> sure it was not being caught by something else, though I was sure it
> wasn't, and that did not make any difference. I did have a Cisco PIX in
> place of the monowall and it all worked great, but since you can't do
> any traffic shaping on a PIX I decided to try monowall. The traffic
> shaping works great and I love it, but now I am in a pickle because if
> I can't get the VPN to work I will have to go back to the PIX and give
> up traffic shaping.
>
> Any ideas or thoughts surely would be appreciated.
>
> Sounds like a problem with fragmented packets/MTU. Solution? I'm not sure.
> :) It's one of many things I have on my list to figure out and document
> troubleshooting and remediation procedures.
>
> Searching the archives for MTU might be helpful.
> http://www.google.com/search?q=mtu+site%3Am0n0.ch&sourceid=mozilla-search&start=0&start=0&ie=utf-8&oe=utf-8&client=firefox-a&rls=org.mozilla:en-US:official
>
> -Chris

I have been working on this for 2 days and I figured it was an MTU issue, but I have not found anything at all. Like I said, I reduced the MTU on both sides and it made no difference. It is so frustrating. I sniffed the packets, and for every packet sent from my LAN to the 831 LAN, Ethereal says invalid checksum. I have recently swapped out the NIC cards for 2 SiS NIC cards; I had Intel in the machine before. I wanted to buy a Soekris with a VPN card, but I think this will put a stop to that. I took the monowall down today and put the PIX in place, and without any other changes the VPN tunnel works fine and traffic flows both ways.