?
Solved

PIX to PIX VPN tunnel MTU question

Posted on 2006-05-18
5
Medium Priority
?
543 Views
Last Modified: 2013-11-16
Hi,

I have a VPN tunnel setup between a PIX 515E & PIX 501. I have problems on my windows XP clients that connect to the DC through the VPN. I'm pretty sure it's an MTU issue. The 515E is set at 1500 and the 501 is set at 1492 (adsl). Do these have to be the same for the VPN to function properly??? And is there not a way t assign an MTU setting to a VPN tunnel??

Thanks
0
Comment
Question by:inf2300
  • 2
3 Comments
 

Author Comment

by:inf2300
ID: 16712112
ok i think i may have found my problem

http://archives.neohapsis.com/archives/ntbugtraq/2003-q4/0043.html

Cause i'm getting exactly that

Event Type:      Error
Event Source:      Userenv
Event Category:      None
Event ID:      1054
Date:            5/18/2006
Time:            11:10:29 AM
User:            NT AUTHORITY\SYSTEM
Computer:      XXX-XXXXXXXXX
Description:
Windows cannot obtain the domain controller name for your computer network. (An unexpected network error occurred. ). Group Policy processing aborted.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

So how do i allow bigger ping sizes through the tunnel
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 16717049
Hi inf2300,

 For the moment forget about the MTU set on the PIX boxes and concentrate on the problem machine. 2 Steps to be done;

1. Go to C:\Windows\System32\Drivers\etc and add an entry to the 'hosts' file for your DC like below;

x.x.x.x DCName

2. Open a command prompt on the machine and try this;

  ping -l 1400 -f <DCIPADDRESS>

  It might say that the req cannot be processed because of the MTU size as 1400 and 'don't defragment' (-f) bit is set. Now start reducing the value from 1400 to lower and see when it succeeds. This will get you the optimal MTU size. 1300 would be a good value.

  After you do both of the above see if there is any improvement and post back

Cheers!
Rajesh
0
 
LVL 32

Accepted Solution

by:
rsivanandan earned 2000 total points
ID: 16717084
inf2300,

  Also once you find out the optimal MTU value, set that as the default value on the xp machine. Reboot the machine and try logging in. How to set the MTU on the xp machine can be found here; look for the key;

http://www.winguides.com/registry/tweaks.php/WindowsXP/

Cheers,
Rajesh
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
Use of TCL script on Cisco devices:  - create file and merge it with running configuration to apply configuration changes
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Suggested Courses
Course of the Month14 days, 2 hours left to enroll

807 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question