Enabling IP Fragmentation on Cisco ASA IPSEC VPN Tunnel

I have an IPSEC VPN tunnel between an ASA-5505 and an 891 router. When I attempt to transmit security camera video over the IPSEC tunnel, I get Syslog ID error 106020 - Denying IP teardrop fragment. This results in my video stream being cancelled.

I have tried

ip audit signature 1103 disable

with no luck, to disable the inspection. What I would like to do is disable the inspection of any traffic on the tunnel, or at bare minimum disable the fragmentation inspection on the WAN of the ASA. Please advise as to the best method of disabling that inspection, and dealing with fragmentation from Unix and camera hosts.

Regards.
aalbert69 Asked:
 
Nothing_Changed Commented:
Just checked more, it is only a frame drop that drops a teardrop signature...

If this is your problem for certain, you should see "show asp drop frame security-failed" incrementing on every stream fail.
0
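As an added illustration (not code from this thread or from Cisco), the sketch below applies the general definition of overlapping IPv4 fragments, the condition a teardrop check looks for, to constructed fragment lists. The `Frag` type and `check_fragments` function are hypothetical names, and the code does not reproduce the ASA's own logic.

```python
from typing import NamedTuple

class Frag(NamedTuple):
    offset_units: int     # IPv4 Fragment Offset field, in 8-byte units
    payload_len: int      # bytes of IP payload carried by this fragment
    more_fragments: bool  # MF flag

def check_fragments(frags):
    """Return (kind, byte_offset) findings for the fragments of ONE datagram."""
    findings = []
    ordered = sorted(frags, key=lambda f: f.offset_units)
    expected = 0  # next byte offset not yet covered by earlier fragments
    for f in ordered:
        start = f.offset_units * 8
        end = start + f.payload_len
        # Every fragment except the last must carry a multiple of 8 bytes.
        if f.more_fragments and f.payload_len % 8 != 0:
            findings.append(("bad-length", start))
        if start < expected:
            # Fragment begins inside data already claimed by an earlier one.
            findings.append(("overlap", start))
        elif start > expected:
            findings.append(("gap", expected))
        expected = max(expected, end)
    if ordered and ordered[-1].more_fragments:
        findings.append(("missing-last", expected))
    return findings

# Constructed sample: 4000 bytes of IP payload split for a 1500-byte MTU
# (1480 payload bytes per fragment); offsets line up exactly.
CLEAN = [Frag(0, 1480, True), Frag(185, 1480, True), Frag(370, 1040, False)]

# Constructed sample: second fragment starts at byte 1440, 40 bytes inside
# the first fragment's data.
OVERLAP = [Frag(0, 1480, True), Frag(180, 1480, True), Frag(365, 1080, False)]

if __name__ == "__main__":
    for name, sample in (("clean", CLEAN), ("overlap", OVERLAP)):
        print(name, check_fragments(sample))
```

Running the same check on fragment offsets and lengths taken from a capture on each side of the tunnel shows whether the overlap is already present when the traffic leaves the sending host.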
 
Nothing_Changed Commented:
Is your camera inside one ASA on one side of the tunnel, and your server inside the other side? If so, don't disable that outside, it's a good protection layer. Can you please paste in a syslog message? We should be able to disable that inspection more granularly, to preserve your security but still make your connection work.



0
 
aalbert69 (Author) Commented:
The cameras consist of 8 Axis IP cameras behind the 891 router, plus 1 Linux-based DVR, that also streams video... In addition we have a lighting control system, and other things, but those seem to be working fine over the VPN. I will have to go onsite to get the syslog messages.

Regards.

0
 
Nothing_Changed Commented:
Are you using tcp or udp as a transport protocol? The Axis documentation shows both protocols.
0
 
Nothing_Changed Commented:
When you do a "show asp drop", are your flow drops or frame drops incrementing with the reason of "security-failed"?
0
 
aalbert69 (Author) Commented:
Never fully resolved ... But A for effort
0
Question has a verified solution.
