×

Loading...
Ad by
  • 予人玫瑰,手有余香:加拿大新天地工作移民诚聘求职顾问&行业导师!
Ad by
  • 予人玫瑰,手有余香:加拿大新天地工作移民诚聘求职顾问&行业导师!

@Calgary

GRE tunnel through an IPSec site-to-site tunnel出现的问题

pnpn(双飞雁)
最近遇到一个棘手的问题,查了两天没有结果,想请教一下做过网络支持的。

我们有个ipsec site-to-site tunnel的WAN CONNECTION,两端分别是一个cisco的asa。在这两个office里的内部网络里,又用两个cisco router(7100和2600)build了个GRE tunnel来连接两个Vlan,build完后,从一端测试时,icmp和udp的packet都正常,就是tcp有问题。

用wireshark看时,发现从对端返回的packet有TCP ACKed lost segment error,然后follow的另一个packet有broken tcp. the acknowledge field is nonzero的错误。象是tcp hand shake出现问题,会是什么问题?mtu/mss size问题?asymetric routing?
(#6688061@0)
Last Updated: 2011-5-18
This post has been archived. It cannot be replied.
Report

Replies, comments and Discussions:

  • 工作学习 / 学科技术讨论 / GRE tunnel through an IPSec site-to-site tunnel出现的问题 -pnpn(双飞雁); 2011-5-18 {543} (#6688061@0)
    最近遇到一个棘手的问题,查了两天没有结果,想请教一下做过网络支持的。

    我们有个ipsec site-to-site tunnel的WAN CONNECTION,两端分别是一个cisco的asa。在这两个office里的内部网络里,又用两个cisco router(7100和2600)build了个GRE tunnel来连接两个Vlan,build完后,从一端测试时,icmp和udp的packet都正常,就是tcp有问题。

    用wireshark看时,发现从对端返回的packet有TCP ACKed lost segment error,然后follow的另一个packet有broken tcp. the acknowledge field is nonzero的错误。象是tcp hand shake出现问题,会是什么问题?mtu/mss size问题?asymetric routing?
    • try to change the tunnel interface MTU to 1400... -wenjin(黄山); 2011-5-19 (#6689971@0)
      • tried adjusting MTU on one tunnel interface, it didn't work. Can't change the other Tunnel interface on the other end due to the old IOS version. Will upgrade the IOS later and give another try. -pnpn(双飞雁); 2011-5-25 (#6700406@0)
    • At asa: sysopt connection tcpmss 1468 (if GRE overhead = 4, no encr) or 1440 to be safe. -diresu(makeITwork); 2011-5-27 (#6703863@0)
      • Based on cisco, practically, you may need set tcpmss to 1300 -diresu(makeITwork); 2011-5-27 (#6703948@0)
        • Thanks. Do I need to apply this new mss value on both side ASA? or just one side is ok. -pnpn(双飞雁); 2011-5-29 (#6708834@0)

More Topics

  • 现在社区游泳池招救生员巡逻,过一会还要不停的点人头,这工作是否很快就被AI代替了,装一个摄像头后面是AI处理系统,这样只招一个等着救人就行了,人头沉下水一定时间立马强光照射,还可以分析水下人的状况来判断是否溺水等
  • 新冠疫苗引发心肌炎? 最新研究这样看
  • 这道几何题有解吗?
  • SAM 2 Demo
  • 如何在 AWS EC2 实例上构建 WordPress 应用程序?
    • 枫下论坛主坛工作学习学科技术讨论