 
 From:  "Stovall, Adrian M." <Adrian dot Stovall at durez dot com>
 Cc:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Cisco - M0n0wall ipsec VPN question
 Date:  Wed, 14 Sep 2005 15:10:10 -0500
I don't know (and I'll have to ask the admin at the site the m0n0wall
box is at...that end of the tunnel is a new part of our network that
we're trying to get connected).

Where do I tell him to look to find out? 


Adrian Stovall

#-----Original Message-----
#From: Jonathan S. Romero [mailto:jromero at raydiance dash inc dot com] 
#Sent: Wednesday, September 14, 2005 2:49 PM
#To: Stovall, Adrian M.
#Cc: m0n0wall at lists dot m0n0 dot ch
#Subject: Re: [m0n0wall] Cisco - M0n0wall ipsec VPN question
#
#Does m0n0wall use explicit congestion notification?  These 
#symptoms sound like something I was experiencing last week on 
#a linux system.
#
#-JonnyRo
#
#On Wed, 2005-09-14 at 14:23 -0500, Stovall, Adrian M. wrote:
#> Hi all.
#> 
#> I have a peculiar problem between a Cisco router and a m0n0wall box 
#> running the latest beta.
#> 
#> Here are the symptoms and some details (more detailed ones are 
#> hopefully coming soon):
#> 
#> 
#> pings sent from the cisco side of the tunnel will bring the tunnel up
#> with no problem.
#> 
#> pings sent from the m0n0 side will not bring the tunnel up.
#> 
#> normal TCP connections initiated from the cisco side of the tunnel are
#> successful (tested with browsers and remote administrator).
#> 
#> normal TCP connections initiated from the m0n0 side of the tunnel are
#> unsuccessful (telnets to any given port result in timeouts).
#> 
#> pings in both directions to devices on the internal networks on the 
#> opposing side of the tunnel work fine up to 992 bytes.
#> 
#> MTU on the ethernet interface of the cisco is set to 1380.
#> 
#> MTU on the internal (and external) interface of the m0n0 box is set to
#> 1500.
#> 
#> Both routers are connected to the internet via T-1's (m0n0wall is in 
#> Detroit on a connection from BrightHouse, cisco is in Dallas on a 
#> connection from Qwest).
#> 
#> At this point, I've seen in the m0n0wall logs that all traffic 
#> destined for the other side of the tunnel is allowed, and that there 
#> are no incoming packets getting denied on the cisco, so I'm shying 
#> away from packet-filtering trouble.
#> 
#> Does anyone have any ideas on what I should be looking at next?  The 
#> idea of a one-way tunnel is interesting, but not especially handy.
#> 
#> 
#> 
#> Adrian Stovall
#> 
#> 
#> 
#> 
#> 
#--
#Jonathan S. Romero <jromero at raydiance dash inc dot com> Raydiance Inc.
#
#