 From:  "Jonathan S. Romero" <jromero at raydiance dash inc dot com>
 To:  "Stovall, Adrian M." <Adrian dot Stovall at durez dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Cisco - M0n0wall ipsec VPN question
 Date:  Wed, 14 Sep 2005 15:48:58 -0400
Does m0n0wall use explicit congestion notification?  These symptoms
sound like something I was experiencing last week on a Linux system.

-JonnyRo

On Wed, 2005-09-14 at 14:23 -0500, Stovall, Adrian M. wrote:
> Hi all.
> 
> I have a peculiar problem between a Cisco router and a m0n0wall box
> running the latest beta.
> 
> Here are the symptoms and some details (more detailed ones are hopefully
> coming soon):
> 
> 
> Pings sent from the Cisco side of the tunnel will bring the tunnel up
> with no problem.
> 
> Pings sent from the m0n0 side will not bring the tunnel up.
> 
> Normal TCP connections initiated from the Cisco side of the tunnel are
> successful (tested with browsers and remote administrator).
> 
> Normal TCP connections initiated from the m0n0 side of the tunnel are
> unsuccessful (telnets to any given port result in timeouts).
> 
> Pings in both directions to devices on the internal networks on the
> opposing side of the tunnel work fine up to 992 bytes.
> 
> MTU on the Ethernet interface of the Cisco is set to 1380.
> 
> MTU on the internal (and external) interface of the m0n0 box is set to
> 1500.
> 
> Both routers are connected to the internet via T-1's (m0n0wall is in
> Detroit on a connection from BrightHouse, Cisco is in Dallas on a
> connection from Qwest).
> 
> At this point, I've seen in the m0n0wall logs that all traffic destined
> for the other side of the tunnel is allowed, and that there are no
> incoming packets getting denied on the Cisco, so I'm shying away from
> packet-filtering trouble.
> 
> Does anyone have any ideas on what I should be looking at next?  The
> idea of a one-way tunnel is interesting, but not especially handy.
> 
> 
> 
> Adrian Stovall
-- 
Jonathan S. Romero <jromero at raydiance dash inc dot com>
Raydiance Inc.