Tuesday 30 April 2019

You see First TCP packet not SYN (tcp-not-syn) in asp drop table capture

Had an issue where traffic was not working to a website. The connection to the site was branch office -> VPN -> HQ office -> VPN -> Webserver.

All VPNs were up and ACL rules looked good.

We took some captures and saw the traffic going out and back but not arriving on the branch firewall. Looking at the asp drop table we saw tcp-not-syn. It was like the branch office could not see the return traffic was part of an existing TCP connection.

We telnet'd to the web site on 443 but using the web browser didn't work. The issue in the end was MTU.

The MTU on the branch site was set quite low, at 1340.
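
One way to check two captures for this pattern, as an added example that is not part of the original post: it compares the return packets that left the HQ side with those that reached the branch side and reports whether only the large ones went missing. The packet records are constructed sample data, and matching on the IPv4 ID field assumes nothing rewrites it between the two capture points.

```python
from collections import namedtuple

# One captured packet: IPv4 ID, total IP length in bytes, TCP flags.
Pkt = namedtuple("Pkt", "ip_id length flags")

def mtu_ceiling(sent, received):
    """Return (largest_delivered, smallest_lost, lost_packets) for one direction.

    sent:     packets captured where they leave (HQ side, towards the branch)
    received: packets captured where they should arrive (branch firewall)
    Assumption: the IPv4 ID survives between the two capture points.
    """
    arrived_ids = {p.ip_id for p in received}
    delivered = [p for p in sent if p.ip_id in arrived_ids]
    lost = [p for p in sent if p.ip_id not in arrived_ids]
    largest_ok = max((p.length for p in delivered), default=None)
    smallest_lost = min((p.length for p in lost), default=None)
    return largest_ok, smallest_lost, lost

def looks_like_mtu(sent, received):
    """True when every lost packet is larger than every delivered packet."""
    largest_ok, smallest_lost, lost = mtu_ceiling(sent, received)
    if not lost or largest_ok is None:
        return False
    return smallest_lost > largest_ok

# Constructed sample: return traffic from the web server as seen leaving HQ.
SENT_HQ = [
    Pkt(100, 52, "SA"),    # SYN-ACK: small, so a telnet to 443 connects
    Pkt(101, 40, "A"),
    Pkt(102, 1400, "A"),   # full-size data segments, e.g. a TLS handshake reply
    Pkt(103, 1400, "PA"),
    Pkt(104, 1100, "PA"),
]
# Constructed sample: what the branch capture shows for the same flow.
SEEN_BRANCH = [p for p in SENT_HQ if p.ip_id in (100, 101, 104)]

if __name__ == "__main__":
    ok, bad, lost = mtu_ceiling(SENT_HQ, SEEN_BRANCH)
    print(f"largest delivered: {ok} bytes, smallest lost: {bad} bytes")
    print(f"lost packets: {[p.ip_id for p in lost]}")
    print("size-dependent loss (check MTU):", looks_like_mtu(SENT_HQ, SEEN_BRANCH))
```

In the sample the ceiling falls between 1100 and 1400 bytes, which is where a branch MTU of 1340 would put it.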
