Thanks for your replies.
A traceroute will traverse the entire path. As for the MTU of 1476, I
believe it is because of the overhead added by the encryption. Attempts
have been made to increase the MTU size on the link, but to this point they
have been unsuccessful.
When an ftp is attempted from a UNIX box, which is trying to send with an
MTU of 1500, the process fails. When that same file is ftp-d from a Win95
machine ( which uses a smaller MTU ) it works fine.
This is why I am pointing to the MTU issue, and lack of ICMP messages, as
possible problems.
Steve D.
-----Original Message-----
From: Gareth Hinton [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, October 25, 2000 5:41 AM
To: [EMAIL PROTECTED]
Subject: Re: Not receiving ICMP messages
Hi Steve,
Is the MTU size of 1476 a limitation of the encryption, or merely because of
the overheads added by the encryption knocking it down from 1500. Is it a
possibility to increase the MTU size on the link?
Gaz
"Phil Barker" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Steve,
> Without CLI access your going to struggle.
> Q : How far does the traceroute get, from the send
> node ?
>
> try rfc 792 ICMP
> http://www.landfield.com/rfcs/rfc792.html
>
> >> SNIP from RFC 792
>
> If a host reassembling a fragmented datagram
> cannot complete the
> reassembly due to missing fragments within its
> time limit it
> discards the datagram, and it may send a time
> exceeded message.
>
> If fragment zero is not available then no time
> exceeded need be
> sent at all.
>
> Good luck,
>
> Phil.
>
>
>
> --- "Donohue, Steve" <[EMAIL PROTECTED]> wrote:
> > Good Afternoon All,
> >
> > I am currently trying to resolve an issue where we
> > are having trouble
> > sending data across a tunnel running GRE encryption.
> > With this encryption
> > employed the MTU size allowed is decreased to 1476.
> > When we attempt to send
> > traffic (email, ftp, etc...) through the tunnel, we
> > are finding that it does
> > not work.
> >
> > My sniffer trace is showing that the frames being
> > sent are setting the DF
> > bit, which I would expect. I would then expect that
> > if the router is unable
> > to send the packet, it would drop it and return an
> > ICMP message back to the
> > source telling it to decrease the packet size and
> > try it again. I am not
> > seeing any of these messages.
> >
> > We are running HSRP on the ethernet interfaces that
> > connect to my LAN. I
> > believe we are running a 12.0 IOS release, although
> > I am not sure of the
> > actual version.
> >
> > Does anyone have any ideas why this might be
> > happening? I am trying to
> > resolve this issue while having no CLI access to the
> > routers. I have been
> > informed by the controlling body that there are no
> > access lists prohibiting
> > ICMP messages from being sent, and there are no
> > firewall rules in place that
> > would be dropping the ICMP messages.
> >
> > Any and all explanations of possible
> > causes/resolutions would be
> > appreciated.
> >
> > Steve D.
> >
> >
> >
> >
> >
>
>
> ____________________________________________________________
> Do You Yahoo!?
> Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk
> or your free @yahoo.ie address at http://mail.yahoo.ie
>
> _________________________________
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
_________________________________
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
