[vpn-help] Updated package and problem reports
Matthew Grooms
mgrooms at shrew.net
Thu Aug 17 00:53:36 CDT 2006
Peter Eisch wrote:
>
>
> This is all quite odd. I can do large IMAP folder sync’s over the
> session to servers at-large on the net without incident. I can even
> putty and scp large files. Is there anything you do inside the
> payload? Because this is with firefox as well as ie I might wonder if
> they do something different with sockets or something. I can’t really
> think it’s a server issue because the cisco client zips right along
> without incident to the same sites.
>
> Here’s probably something more than what you wanted....
>
> Three sets of logs. First is the client log with as much info in it as
> I could, even the public interface. Next is Exhibit B which is
> specifically copied from the session:
> cow# tcpdump -s1500 -nvv host 10.1.101.26 and not port 22
> Where ‘cow’ is the concentrator. Last is Exhibit C which is the output
> of the command:
> cottonmouth# tcpdump -p -nvv -s 1500 -i vlan101 port 80
> Where ‘cottonmouth’ is the upstream firewall.
>
Ha! After much tinkering with different options, I think I have finally
found a combination that reproduces this issue. It seems to be related
to using NATT in certain config combinations. If you disable NATT does
the problem go away?
I will have a look at this first thing tomorrow and hopefully have a
solution for you by end of day.
Thanks,
-Matthew
More information about the vpn-help
mailing list