 From:  "Stovall, Adrian M." <Adrian dot Stovall at durez dot com>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Cisco - M0n0wall ipsec VPN question
 Date:  Wed, 14 Sep 2005 14:23:31 -0500
Hi all.

I have a peculiar problem between a Cisco router and a m0n0wall box
running the latest beta.

Here are the symptoms and some details (more detailed ones are hopefully
coming soon):


Pings sent from the Cisco side of the tunnel will bring the tunnel up
with no problem.

Pings sent from the m0n0 side will not bring the tunnel up.

Normal TCP connections initiated from the Cisco side of the tunnel are
successful (tested with browsers and remote administrator).

Normal TCP connections initiated from the m0n0 side of the tunnel are
unsuccessful (telnets to any given port result in timeouts).

Pings in both directions to devices on the internal networks on the
opposing side of the tunnel work fine up to 992 bytes.

MTU on the Ethernet interface of the Cisco is set to 1380.

MTU on the internal (and external) interface of the m0n0 box is set to
1500.

Both routers are connected to the Internet via T-1s (m0n0wall is in
Detroit on a connection from BrightHouse, Cisco is in Dallas on a
connection from Qwest).

At this point, I've seen in the m0n0wall logs that all traffic destined
for the other side of the tunnel is allowed, and that there are no
incoming packets getting denied on the Cisco, so I'm shying away from
packet-filtering trouble.

Does anyone have any ideas on what I should be looking at next?  The
idea of a one-way tunnel is interesting, but not especially handy.



Adrian Stovall