[ale] OT: question about windows Cisco VPN client and wireless broadband pc card device

Jim Popovitch jimpop at yahoo.com
Thu Mar 2 14:22:19 EST 2006


One comment about MTU and VPNs....  The VPN server will attempt to 
determine the Path MTU (P-MTU) between it and you.  Basically the P-MTU 
is the lowest MTU of any one hop.  Remember that the VPN is (most 
likely) streaming UDP packets to you so knowing P-MTU helps it control 
the rate of flow.   Now, if you have ICMP disabled along the way you can 
have lots of MTU problems because the VPN server won't be able to 
determine the MTU of that/those hops, and it is usually some of those 
hops that have the lowest MTU.  Not all ICMP traffic is bad. ;-)

Also, FWIW, I've never been able to get a VPN over a VPN to work.  At 
work we now have two (as a result of corp acquisition) and I can use 
either or but not both.  <-- major PITA.

-Jim P.

Joe Knapka wrote:
> Van Loggins wrote:
> 
>> does anyone know of any issues or problems with using a Sprint
>> Wireless broadband PC card to connect to a remote site using the
>> current release windows version of the cisco vpn client software?
>>  
>>
> At some point in the past (a couple years ago now), I had problems 
> connecting
> via a wireless connection, because the Cisco client sets the "Don't 
> Fragment" bit
> on all its IP packets, but the MTU of the wireless connection was less 
> than the
> size of the packets the client was trying to send, so they all got 
> dropped.  IIRC
> raising the MTU of both ends of the wireless link solved it. This was over a
> wifi connection, though, and I controlled both sides of the link (the 
> other side
> was my wireless AP), so I'm not sure if it's relevant to you.
> 
> -- JK
> 
> 
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
> 




More information about the Ale mailing list