Thanks for this Roger.

However the ping still doesn't work at 1400.  Technet says not to set this
below 1400, what else can I do?

Thanks

-Warren

-----Original Message-----
From: Roger Seielstad [mailto:[EMAIL PROTECTED] 
Sent: Friday, July 18, 2003 10:54 AM
To: Exchange Discussions
Subject: RE: Outlook/Exchange/VPN connectivity problem


Nope. Not DNS.

MTU size. Do a TechNet search on MTU (or check with your VPN client vendor
if you're not using the built-in client) and find out how to set the MTU to
<1500 (we use 1400).

Outlook has a nasty habit of setting the Do Not Fragment bit on
communications, and sends it at the existing MTU size. The VPN client then
encapsulates the packet and adds to the packet size, exceeding the network's
MTU. The first hop router then generates an ICMP reply basically saying the
packet needs to be fragmented but the DF flag is set (Don't Fragment Flag).

You can test it with the following command while connected via VPN.
        ping -l 1536 -f ipaddress

1536 is the standard Ethernet MTU. Try dropping that to 1400 and seeing if
it works. I'd bet that's your culprit.

--------------------------------------------------------------
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.


> -----Original Message-----
> From: Warren Cundy [mailto:[EMAIL PROTECTED]
> Sent: Friday, July 18, 2003 1:06 PM
> To: Exchange Discussions
> Subject: Outlook/Exchange/VPN connectivity problem
> 
> 
> Hi guys,
> 
> A few users are having an intermittent connectivity problem to Exchange
> server over a VPN connection.  Here's what we're using: Exchange 2000 Sp3,
> Outlook 2002 Sp2 on the clients.
> 
> When these users connect to our VPN, they can see/ping everything, including
> Exchange, but always have problems opening outlook.  First they have to set
> their profile to manually control the connection and force an online
> connection.  Even then they have to hit "retry" a few times, but it finally
> connects, although very slowly.
> 
> I know DNS DNS DNS, but they can ping the Exchange server by name, and I
> even gave them entries in the HOSTS file for the local (internal VPN)
> address of the Exchange server... any thoughts here?  It's driving me crazy.
> 
> -W
> 
> _________________________________________________________________
> List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
> Web Interface:
> http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english
> To unsubscribe:         mailto:[EMAIL PROTECTED]
> Exchange List admin:    [EMAIL PROTECTED]
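
An added example, not written by anyone in this thread: instead of guessing at sizes one ping at a time, binary-search the largest Don't Fragment ping that gets through the tunnel and derive the usable MTU from it. The function names, the check for "TTL=" in the Windows ping output, and the tunnel overhead figures are assumptions made for the illustration. On Windows, the -l value is the ICMP data size, so the IP packet on the wire is 28 bytes larger.

```python
import subprocess
import sys

IP_ICMP_OVERHEAD = 28   # 20-byte IPv4 header + 8-byte ICMP header
MAX_PAYLOAD = 1500 - IP_ICMP_OVERHEAD   # largest payload on plain Ethernet


def windows_df_ping(host, payload):
    """Send one echo request with DF set; True only if an echo reply came back."""
    out = subprocess.run(
        ["ping", "-n", "1", "-f", "-l", str(payload), host],
        capture_output=True, text=True).stdout
    # Assumption: only a genuine reply line carries "TTL="; the
    # "needs to be fragmented but DF set" message does not.
    return "TTL=" in out


def largest_df_payload(probe, low=0, high=MAX_PAYLOAD):
    """Binary-search the largest payload size for which probe(size) is True.
    Returns None when even the smallest probe fails (host down, ICMP filtered)."""
    if not probe(low):
        return None
    while low < high:
        mid = (low + high + 1) // 2
        if probe(mid):
            low = mid        # mid fits, look higher
        else:
            high = mid - 1   # mid is too big, look lower
    return low


def path_mtu(probe):
    """Largest IP packet that crosses the path unfragmented, or None."""
    payload = largest_df_payload(probe)
    return None if payload is None else payload + IP_ICMP_OVERHEAD


def simulated_tunnel(overhead, link_mtu=1500):
    """Constructed stand-in for a VPN path: each packet grows by `overhead`
    bytes of encapsulation before it meets a link with MTU `link_mtu`."""
    return lambda payload: payload + IP_ICMP_OVERHEAD + overhead <= link_mtu


if __name__ == "__main__":
    if len(sys.argv) > 1:   # real run on Windows: python script.py <host>
        print(path_mtu(lambda n: windows_df_ping(sys.argv[1], n)))
    else:                   # offline demo with a constructed 160-byte overhead
        print(path_mtu(simulated_tunnel(160)))   # 1340, so 1400 is still too big
```

Run it against the Exchange server's internal address while the VPN is up; the number printed is the ceiling for the client's MTU setting.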
