OWA + E2K7 and Cisco VPN

Daniel Falconetti · Joined: 07 Feb 2008 Posts: 6

Hi,

I've got users connecting to an Exchange 2K7 thru a Cisco VPN.
They can open OWA and send a message but if they want to join an attachment
(even small one 50K), the upload of the attachment freeze.
It works locally.

I thought firts of a problem with MTU on the CISCO VPN.
I made a test with an exchange 2K7 on Internet and it works...
The stream goes thru the same VPN to the central site before beeing routed
to Internet!!!!

Any clues?

Thanks for your help
The stream goes

Archived from group: microsoft>public>exchange>clients

John Oliver, Jr. [MVP] · Joined: 05 Aug 2007 Posts: 823

Can you copy the file across the VPN not using OWA?

--
John Oliver, Jr
MCSE, MCT, CCNA
Exchange MVP 2008
Microsoft Certified Partner

"Daniel Falconetti" wrote in message
news:%237oTTkWaIHA.4140@TK2MSFTNGP04.phx.gbl...
> Hi,
>
> I've got users connecting to an Exchange 2K7 thru a Cisco VPN.
> They can open OWA and send a message but if they want to join an
> attachment (even small one 50K), the upload of the attachment freeze.
> It works locally.
>
> I thought firts of a problem with MTU on the CISCO VPN.
> I made a test with an exchange 2K7 on Internet and it works...
> The stream goes thru the same VPN to the central site before beeing routed
> to Internet!!!!
>
> Any clues?
>
> Thanks for your help
> The stream goes
>

Daniel Falconetti · Joined: 07 Feb 2008 Posts: 6

We tried a transfer thru FTP from the remote site and it seems that
Downloads works fine but uploads are very slow...

thks for your help

"John Oliver, Jr. [MVP]" a écrit dans le message de
news: %23OIXcDfaIHA.1132@TK2MSFTNGP06.phx.gbl...
> Can you copy the file across the VPN not using OWA?
>
> --
> John Oliver, Jr
> MCSE, MCT, CCNA
> Exchange MVP 2008
> Microsoft Certified Partner
>
>
> "Daniel Falconetti" wrote in message
> news:%237oTTkWaIHA.4140@TK2MSFTNGP04.phx.gbl...
>> Hi,
>>
>> I've got users connecting to an Exchange 2K7 thru a Cisco VPN.
>> They can open OWA and send a message but if they want to join an
>> attachment (even small one 50K), the upload of the attachment freeze.
>> It works locally.
>>
>> I thought firts of a problem with MTU on the CISCO VPN.
>> I made a test with an exchange 2K7 on Internet and it works...
>> The stream goes thru the same VPN to the central site before beeing
>> routed to Internet!!!!
>>
>> Any clues?
>>
>> Thanks for your help
>> The stream goes
>>
>
>

John Oliver, Jr. [MVP] · Joined: 05 Aug 2007 Posts: 823

Don't try through FTP, simply open a network share on one end and copy the
file and paste it on the other. Does it succeed? What model of Cisco VPN
equipment are you using on both ends? Have you enabled monitoring/logging
on the Cisco devices to see if they are showing anything when you try to
send attachment through OWA?

--
John Oliver, Jr
MCSE, MCT, CCNA
Exchange MVP 2008
Microsoft Certified Partner

"Daniel Falconetti" wrote in message @TK2MSFTNGP03.phx.gbl...
> We tried a transfer thru FTP from the remote site and it seems that
> Downloads works fine but uploads are very slow...
>
> thks for your help
>
>
> "John Oliver, Jr. [MVP]" a écrit dans le message
> de news: %23OIXcDfaIHA.1132@TK2MSFTNGP06.phx.gbl...
>> Can you copy the file across the VPN not using OWA?
>>
>> --
>> John Oliver, Jr
>> MCSE, MCT, CCNA
>> Exchange MVP 2008
>> Microsoft Certified Partner
>>
>>
>> "Daniel Falconetti" wrote in message
>> news:%237oTTkWaIHA.4140@TK2MSFTNGP04.phx.gbl...
>>> Hi,
>>>
>>> I've got users connecting to an Exchange 2K7 thru a Cisco VPN.
>>> They can open OWA and send a message but if they want to join an
>>> attachment (even small one 50K), the upload of the attachment freeze.
>>> It works locally.
>>>
>>> I thought firts of a problem with MTU on the CISCO VPN.
>>> I made a test with an exchange 2K7 on Internet and it works...
>>> The stream goes thru the same VPN to the central site before beeing
>>> routed to Internet!!!!
>>>
>>> Any clues?
>>>
>>> Thanks for your help
>>> The stream goes
>>>
>>
>>
>
>

John Fullbright · Joined: 05 Aug 2007 Posts: 365

On the VPN client, try disabling the stateful firewall.

"John Oliver, Jr. [MVP]" wrote in message %23maIHA.1208@TK2MSFTNGP05.phx.gbl...
> Don't try through FTP, simply open a network share on one end and copy the
> file and paste it on the other. Does it succeed? What model of Cisco VPN
> equipment are you using on both ends? Have you enabled monitoring/logging
> on the Cisco devices to see if they are showing anything when you try to
> send attachment through OWA?
>
> --
> John Oliver, Jr
> MCSE, MCT, CCNA
> Exchange MVP 2008
> Microsoft Certified Partner
>
>
> "Daniel Falconetti" wrote in message
> @TK2MSFTNGP03.phx.gbl...
>> We tried a transfer thru FTP from the remote site and it seems that
>> Downloads works fine but uploads are very slow...
>>
>> thks for your help
>>
>>
>> "John Oliver, Jr. [MVP]" a écrit dans le message
>> de news: %23OIXcDfaIHA.1132@TK2MSFTNGP06.phx.gbl...
>>> Can you copy the file across the VPN not using OWA?
>>>
>>> --
>>> John Oliver, Jr
>>> MCSE, MCT, CCNA
>>> Exchange MVP 2008
>>> Microsoft Certified Partner
>>>
>>>
>>> "Daniel Falconetti" wrote in message
>>> news:%237oTTkWaIHA.4140@TK2MSFTNGP04.phx.gbl...
>>>> Hi,
>>>>
>>>> I've got users connecting to an Exchange 2K7 thru a Cisco VPN.
>>>> They can open OWA and send a message but if they want to join an
>>>> attachment (even small one 50K), the upload of the attachment freeze.
>>>> It works locally.
>>>>
>>>> I thought firts of a problem with MTU on the CISCO VPN.
>>>> I made a test with an exchange 2K7 on Internet and it works...
>>>> The stream goes thru the same VPN to the central site before beeing
>>>> routed to Internet!!!!
>>>>
>>>> Any clues?
>>>>
>>>> Thanks for your help
>>>> The stream goes
>>>>
>>>
>>>
>>
>>
>
>

John Oliver, Jr. [MVP] · Joined: 05 Aug 2007 Posts: 823

John,

I was under the impression this was a dedicated VPN connection between Main
and Remote site not VPN Clients connecting. If not, then I would have
suggested he look at Outlook Anywhere for the clients since he even stated
the connection is slow currently with VPN Tunnel.

--
John Oliver, Jr
MCSE, MCT, CCNA
Exchange MVP 2008
Microsoft Certified Partner

"John Fullbright" wrote in message @TK2MSFTNGP06.phx.gbl...
> On the VPN client, try disabling the stateful firewall.
>
>
> "John Oliver, Jr. [MVP]" wrote in message
> %23maIHA.1208@TK2MSFTNGP05.phx.gbl...
>> Don't try through FTP, simply open a network share on one end and copy
>> the file and paste it on the other. Does it succeed? What model of
>> Cisco VPN equipment are you using on both ends? Have you enabled
>> monitoring/logging on the Cisco devices to see if they are showing
>> anything when you try to send attachment through OWA?
>>
>> --
>> John Oliver, Jr
>> MCSE, MCT, CCNA
>> Exchange MVP 2008
>> Microsoft Certified Partner
>>
>>
>> "Daniel Falconetti" wrote in message
>> @TK2MSFTNGP03.phx.gbl...
>>> We tried a transfer thru FTP from the remote site and it seems that
>>> Downloads works fine but uploads are very slow...
>>>
>>> thks for your help
>>>
>>>
>>> "John Oliver, Jr. [MVP]" a écrit dans le
>>> message de news: %23OIXcDfaIHA.1132@TK2MSFTNGP06.phx.gbl...
>>>> Can you copy the file across the VPN not using OWA?
>>>>
>>>> --
>>>> John Oliver, Jr
>>>> MCSE, MCT, CCNA
>>>> Exchange MVP 2008
>>>> Microsoft Certified Partner
>>>>
>>>>
>>>> "Daniel Falconetti" wrote in message
>>>> news:%237oTTkWaIHA.4140@TK2MSFTNGP04.phx.gbl...
>>>>> Hi,
>>>>>
>>>>> I've got users connecting to an Exchange 2K7 thru a Cisco VPN.
>>>>> They can open OWA and send a message but if they want to join an
>>>>> attachment (even small one 50K), the upload of the attachment freeze.
>>>>> It works locally.
>>>>>
>>>>> I thought firts of a problem with MTU on the CISCO VPN.
>>>>> I made a test with an exchange 2K7 on Internet and it works...
>>>>> The stream goes thru the same VPN to the central site before beeing
>>>>> routed to Internet!!!!
>>>>>
>>>>> Any clues?
>>>>>
>>>>> Thanks for your help
>>>>> The stream goes
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>

John Fullbright · Joined: 05 Aug 2007 Posts: 365

I took it the other way. Many companies have an internet facing Cisco VPN
and the Cisco VPN client installed on laptops. That way users can VPN to
the corporate network from hotel rooms or whatever. If the only thing
you're accessing is mail, yeah Outlook Anywhere is a good option. If your
clients VPN to many other resources on the corporate network, and the
laptops at any given moment could be on or off the corporate network.. It
shouldn't be to hard to see the business drivers for such a configuration.
That said, the Cisco VPN client has a stateful firewall you can enable and
like most stateful firewalls (even the windows firewall) you have to be
careful of the settings. If your client is Windows XP SP2, there was an
issue with QOS scheduler and VPN over DSL as well. The workaround was to
disable QOS. Might try that as well, if it works, there's a post SP2 hotfix
for it.

http://support.microsoft.com/kb/886809/en-us

http://help.expedient.com/vpn/vpntrouble.shtml#7

"John Oliver, Jr. [MVP]" wrote in message @TK2MSFTNGP02.phx.gbl...
> John,
>
> I was under the impression this was a dedicated VPN connection between
> Main and Remote site not VPN Clients connecting. If not, then I would
> have suggested he look at Outlook Anywhere for the clients since he even
> stated the connection is slow currently with VPN Tunnel.
>
> --
> John Oliver, Jr
> MCSE, MCT, CCNA
> Exchange MVP 2008
> Microsoft Certified Partner
>
>
> "John Fullbright" wrote in message
> @TK2MSFTNGP06.phx.gbl...
>> On the VPN client, try disabling the stateful firewall.
>>
>>
>> "John Oliver, Jr. [MVP]" wrote in message
>> %23maIHA.1208@TK2MSFTNGP05.phx.gbl...
>>> Don't try through FTP, simply open a network share on one end and copy
>>> the file and paste it on the other. Does it succeed? What model of
>>> Cisco VPN equipment are you using on both ends? Have you enabled
>>> monitoring/logging on the Cisco devices to see if they are showing
>>> anything when you try to send attachment through OWA?
>>>
>>> --
>>> John Oliver, Jr
>>> MCSE, MCT, CCNA
>>> Exchange MVP 2008
>>> Microsoft Certified Partner
>>>
>>>
>>> "Daniel Falconetti" wrote in message
>>> @TK2MSFTNGP03.phx.gbl...
>>>> We tried a transfer thru FTP from the remote site and it seems that
>>>> Downloads works fine but uploads are very slow...
>>>>
>>>> thks for your help
>>>>
>>>>
>>>> "John Oliver, Jr. [MVP]" a écrit dans le
>>>> message de news: %23OIXcDfaIHA.1132@TK2MSFTNGP06.phx.gbl...
>>>>> Can you copy the file across the VPN not using OWA?
>>>>>
>>>>> --
>>>>> John Oliver, Jr
>>>>> MCSE, MCT, CCNA
>>>>> Exchange MVP 2008
>>>>> Microsoft Certified Partner
>>>>>
>>>>>
>>>>> "Daniel Falconetti" wrote in message
>>>>> news:%237oTTkWaIHA.4140@TK2MSFTNGP04.phx.gbl...
>>>>>> Hi,
>>>>>>
>>>>>> I've got users connecting to an Exchange 2K7 thru a Cisco VPN.
>>>>>> They can open OWA and send a message but if they want to join an
>>>>>> attachment (even small one 50K), the upload of the attachment freeze.
>>>>>> It works locally.
>>>>>>
>>>>>> I thought firts of a problem with MTU on the CISCO VPN.
>>>>>> I made a test with an exchange 2K7 on Internet and it works...
>>>>>> The stream goes thru the same VPN to the central site before beeing
>>>>>> routed to Internet!!!!
>>>>>>
>>>>>> Any clues?
>>>>>>
>>>>>> Thanks for your help
>>>>>> The stream goes
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>

Daniel Falconetti · Joined: 07 Feb 2008 Posts: 6

We've got a site to site VPN.
The central site has a CISCO 1721 and the remote sites either CISCO 837 or
877.
On the access lists the DF bit is forced to 0.

Access to network share is a problem as well.

On the Exchnage server side, we see fragmented packets and the CAS doesn't
seems to acknoledge them.
The client on is side resends packets.

I thought we had a MTU problem but what I don't understand is that it works
if I try to access an Internet based OWA server (the one I've got at home).
the stream from the client goes thru the VPN in both cases and goes thru
more components when accessing the Internet OWA than the 'local' OWA.

Access to the 'local' OWA works well from the main site.

We're going to make more tests this afternoon.

Thks

"John Fullbright" a écrit dans le message de
news: %23$2ono5aIHA.1376@TK2MSFTNGP02.phx.gbl...
>I took it the other way. Many companies have an internet facing Cisco VPN
>and the Cisco VPN client installed on laptops. That way users can VPN to
>the corporate network from hotel rooms or whatever. If the only thing
>you're accessing is mail, yeah Outlook Anywhere is a good option. If your
>clients VPN to many other resources on the corporate network, and the
>laptops at any given moment could be on or off the corporate network.. It
>shouldn't be to hard to see the business drivers for such a configuration.
>That said, the Cisco VPN client has a stateful firewall you can enable and
>like most stateful firewalls (even the windows firewall) you have to be
>careful of the settings. If your client is Windows XP SP2, there was an
>issue with QOS scheduler and VPN over DSL as well. The workaround was to
>disable QOS. Might try that as well, if it works, there's a post SP2
>hotfix for it.
>
> http://support.microsoft.com/kb/886809/en-us
>
> http://help.expedient.com/vpn/vpntrouble.shtml#7
>
>
>
>
> "John Oliver, Jr. [MVP]" wrote in message
> @TK2MSFTNGP02.phx.gbl...
>> John,
>>
>> I was under the impression this was a dedicated VPN connection between
>> Main and Remote site not VPN Clients connecting. If not, then I would
>> have suggested he look at Outlook Anywhere for the clients since he even
>> stated the connection is slow currently with VPN Tunnel.
>>
>> --
>> John Oliver, Jr
>> MCSE, MCT, CCNA
>> Exchange MVP 2008
>> Microsoft Certified Partner
>>
>>
>> "John Fullbright" wrote in message
>> @TK2MSFTNGP06.phx.gbl...
>>> On the VPN client, try disabling the stateful firewall.
>>>
>>>
>>> "John Oliver, Jr. [MVP]" wrote in message
>>> %23maIHA.1208@TK2MSFTNGP05.phx.gbl...
>>>> Don't try through FTP, simply open a network share on one end and copy
>>>> the file and paste it on the other. Does it succeed? What model of
>>>> Cisco VPN equipment are you using on both ends? Have you enabled
>>>> monitoring/logging on the Cisco devices to see if they are showing
>>>> anything when you try to send attachment through OWA?
>>>>
>>>> --
>>>> John Oliver, Jr
>>>> MCSE, MCT, CCNA
>>>> Exchange MVP 2008
>>>> Microsoft Certified Partner
>>>>
>>>>
>>>> "Daniel Falconetti" wrote in message
>>>> @TK2MSFTNGP03.phx.gbl...
>>>>> We tried a transfer thru FTP from the remote site and it seems that
>>>>> Downloads works fine but uploads are very slow...
>>>>>
>>>>> thks for your help
>>>>>
>>>>>
>>>>> "John Oliver, Jr. [MVP]" a écrit dans le
>>>>> message de news: %23OIXcDfaIHA.1132@TK2MSFTNGP06.phx.gbl...
>>>>>> Can you copy the file across the VPN not using OWA?
>>>>>>
>>>>>> --
>>>>>> John Oliver, Jr
>>>>>> MCSE, MCT, CCNA
>>>>>> Exchange MVP 2008
>>>>>> Microsoft Certified Partner
>>>>>>
>>>>>>
>>>>>> "Daniel Falconetti" wrote in message
>>>>>> news:%237oTTkWaIHA.4140@TK2MSFTNGP04.phx.gbl...
>>>>>>> Hi,
>>>>>>>
>>>>>>> I've got users connecting to an Exchange 2K7 thru a Cisco VPN.
>>>>>>> They can open OWA and send a message but if they want to join an
>>>>>>> attachment (even small one 50K), the upload of the attachment
>>>>>>> freeze.
>>>>>>> It works locally.
>>>>>>>
>>>>>>> I thought firts of a problem with MTU on the CISCO VPN.
>>>>>>> I made a test with an exchange 2K7 on Internet and it works...
>>>>>>> The stream goes thru the same VPN to the central site before beeing
>>>>>>> routed to Internet!!!!
>>>>>>>
>>>>>>> Any clues?
>>>>>>>
>>>>>>> Thanks for your help
>>>>>>> The stream goes
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>

John Oliver, Jr. [MVP] · Joined: 05 Aug 2007 Posts: 823

Sounds like Fragment size on the interface, seen a similar issue and had to
change the "ip tcp adjust-mss" value to 1300. MTU was set to1400. If this
does not work, call Cisco TAC, I assume you have Cisco Smartnet?

--
John Oliver, Jr
MCSE, MCT, CCNA
Exchange MVP 2008
Microsoft Certified Partner

"Daniel Falconetti" wrote in message @TK2MSFTNGP03.phx.gbl...
> We've got a site to site VPN.
> The central site has a CISCO 1721 and the remote sites either CISCO 837 or
> 877.
> On the access lists the DF bit is forced to 0.
>
> Access to network share is a problem as well.
>
> On the Exchnage server side, we see fragmented packets and the CAS doesn't
> seems to acknoledge them.
> The client on is side resends packets.
>
> I thought we had a MTU problem but what I don't understand is that it
> works if I try to access an Internet based OWA server (the one I've got at
> home).
> the stream from the client goes thru the VPN in both cases and goes thru
> more components when accessing the Internet OWA than the 'local' OWA.
>
> Access to the 'local' OWA works well from the main site.
>
> We're going to make more tests this afternoon.
>
> Thks
>
> "John Fullbright" a écrit dans le message de
> news: %23$2ono5aIHA.1376@TK2MSFTNGP02.phx.gbl...
>>I took it the other way. Many companies have an internet facing Cisco VPN
>>and the Cisco VPN client installed on laptops. That way users can VPN to
>>the corporate network from hotel rooms or whatever. If the only thing
>>you're accessing is mail, yeah Outlook Anywhere is a good option. If your
>>clients VPN to many other resources on the corporate network, and the
>>laptops at any given moment could be on or off the corporate network.. It
>>shouldn't be to hard to see the business drivers for such a configuration.
>>That said, the Cisco VPN client has a stateful firewall you can enable and
>>like most stateful firewalls (even the windows firewall) you have to be
>>careful of the settings. If your client is Windows XP SP2, there was an
>>issue with QOS scheduler and VPN over DSL as well. The workaround was to
>>disable QOS. Might try that as well, if it works, there's a post SP2
>>hotfix for it.
>>
>> http://support.microsoft.com/kb/886809/en-us
>>
>> http://help.expedient.com/vpn/vpntrouble.shtml#7
>>
>>
>>
>>
>> "John Oliver, Jr. [MVP]" wrote in message
>> @TK2MSFTNGP02.phx.gbl...
>>> John,
>>>
>>> I was under the impression this was a dedicated VPN connection between
>>> Main and Remote site not VPN Clients connecting. If not, then I would
>>> have suggested he look at Outlook Anywhere for the clients since he even
>>> stated the connection is slow currently with VPN Tunnel.
>>>
>>> --
>>> John Oliver, Jr
>>> MCSE, MCT, CCNA
>>> Exchange MVP 2008
>>> Microsoft Certified Partner
>>>
>>>
>>> "John Fullbright" wrote in message
>>> @TK2MSFTNGP06.phx.gbl...
>>>> On the VPN client, try disabling the stateful firewall.
>>>>
>>>>
>>>> "John Oliver, Jr. [MVP]" wrote in message
>>>> %23maIHA.1208@TK2MSFTNGP05.phx.gbl...
>>>>> Don't try through FTP, simply open a network share on one end and copy
>>>>> the file and paste it on the other. Does it succeed? What model of
>>>>> Cisco VPN equipment are you using on both ends? Have you enabled
>>>>> monitoring/logging on the Cisco devices to see if they are showing
>>>>> anything when you try to send attachment through OWA?
>>>>>
>>>>> --
>>>>> John Oliver, Jr
>>>>> MCSE, MCT, CCNA
>>>>> Exchange MVP 2008
>>>>> Microsoft Certified Partner
>>>>>
>>>>>
>>>>> "Daniel Falconetti" wrote in message
>>>>> @TK2MSFTNGP03.phx.gbl...
>>>>>> We tried a transfer thru FTP from the remote site and it seems that
>>>>>> Downloads works fine but uploads are very slow...
>>>>>>
>>>>>> thks for your help
>>>>>>
>>>>>>
>>>>>> "John Oliver, Jr. [MVP]" a écrit dans le
>>>>>> message de news: %23OIXcDfaIHA.1132@TK2MSFTNGP06.phx.gbl...
>>>>>>> Can you copy the file across the VPN not using OWA?
>>>>>>>
>>>>>>> --
>>>>>>> John Oliver, Jr
>>>>>>> MCSE, MCT, CCNA
>>>>>>> Exchange MVP 2008
>>>>>>> Microsoft Certified Partner
>>>>>>>
>>>>>>>
>>>>>>> "Daniel Falconetti" wrote in message
>>>>>>> news:%237oTTkWaIHA.4140@TK2MSFTNGP04.phx.gbl...
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> I've got users connecting to an Exchange 2K7 thru a Cisco VPN.
>>>>>>>> They can open OWA and send a message but if they want to join an
>>>>>>>> attachment (even small one 50K), the upload of the attachment
>>>>>>>> freeze.
>>>>>>>> It works locally.
>>>>>>>>
>>>>>>>> I thought firts of a problem with MTU on the CISCO VPN.
>>>>>>>> I made a test with an exchange 2K7 on Internet and it works...
>>>>>>>> The stream goes thru the same VPN to the central site before beeing
>>>>>>>> routed to Internet!!!!
>>>>>>>>
>>>>>>>> Any clues?
>>>>>>>>
>>>>>>>> Thanks for your help
>>>>>>>> The stream goes
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>

Daniel Falconetti · Joined: 07 Feb 2008 Posts: 6

We made a test with a juniper on the central site and it works OK. So the
problem is definitively on the CISCO part.

We might as well migrate all sites VPN to the juniper box.

Thanks for your help

"John Oliver, Jr. [MVP]" a écrit dans le message de
news: OzVGfp%23bIHA.4436@TK2MSFTNGP05.phx.gbl...
> Sounds like Fragment size on the interface, seen a similar issue and had
> to change the "ip tcp adjust-mss" value to 1300. MTU was set to1400. If
> this does not work, call Cisco TAC, I assume you have Cisco Smartnet?
>
> --
> John Oliver, Jr
> MCSE, MCT, CCNA
> Exchange MVP 2008
> Microsoft Certified Partner
>
>
> "Daniel Falconetti" wrote in message
> @TK2MSFTNGP03.phx.gbl...
>> We've got a site to site VPN.
>> The central site has a CISCO 1721 and the remote sites either CISCO 837
>> or 877.
>> On the access lists the DF bit is forced to 0.
>>
>> Access to network share is a problem as well.
>>
>> On the Exchnage server side, we see fragmented packets and the CAS
>> doesn't seems to acknoledge them.
>> The client on is side resends packets.
>>
>> I thought we had a MTU problem but what I don't understand is that it
>> works if I try to access an Internet based OWA server (the one I've got
>> at home).
>> the stream from the client goes thru the VPN in both cases and goes thru
>> more components when accessing the Internet OWA than the 'local' OWA.
>>
>> Access to the 'local' OWA works well from the main site.
>>
>> We're going to make more tests this afternoon.
>>
>> Thks
>>
>> "John Fullbright" a écrit dans le message
>> de news: %23$2ono5aIHA.1376@TK2MSFTNGP02.phx.gbl...
>>>I took it the other way. Many companies have an internet facing Cisco
>>>VPN and the Cisco VPN client installed on laptops. That way users can
>>>VPN to the corporate network from hotel rooms or whatever. If the only
>>>thing you're accessing is mail, yeah Outlook Anywhere is a good option.
>>>If your clients VPN to many other resources on the corporate network, and
>>>the laptops at any given moment could be on or off the corporate
>>>network.. It shouldn't be to hard to see the business drivers for such a
>>>configuration. That said, the Cisco VPN client has a stateful firewall
>>>you can enable and like most stateful firewalls (even the windows
>>>firewall) you have to be careful of the settings. If your client is
>>>Windows XP SP2, there was an issue with QOS scheduler and VPN over DSL as
>>>well. The workaround was to disable QOS. Might try that as well, if it
>>>works, there's a post SP2 hotfix for it.
>>>
>>> http://support.microsoft.com/kb/886809/en-us
>>>
>>> http://help.expedient.com/vpn/vpntrouble.shtml#7
>>>
>>>
>>>
>>>
>>> "John Oliver, Jr. [MVP]" wrote in message
>>> @TK2MSFTNGP02.phx.gbl...
>>>> John,
>>>>
>>>> I was under the impression this was a dedicated VPN connection between
>>>> Main and Remote site not VPN Clients connecting. If not, then I would
>>>> have suggested he look at Outlook Anywhere for the clients since he
>>>> even stated the connection is slow currently with VPN Tunnel.
>>>>
>>>> --
>>>> John Oliver, Jr
>>>> MCSE, MCT, CCNA
>>>> Exchange MVP 2008
>>>> Microsoft Certified Partner
>>>>
>>>>
>>>> "John Fullbright" wrote in message
>>>> @TK2MSFTNGP06.phx.gbl...
>>>>> On the VPN client, try disabling the stateful firewall.
>>>>>
>>>>>
>>>>> "John Oliver, Jr. [MVP]" wrote in message
>>>>> %23maIHA.1208@TK2MSFTNGP05.phx.gbl...
>>>>>> Don't try through FTP, simply open a network share on one end and
>>>>>> copy the file and paste it on the other. Does it succeed? What
>>>>>> model of Cisco VPN equipment are you using on both ends? Have you
>>>>>> enabled monitoring/logging on the Cisco devices to see if they are
>>>>>> showing anything when you try to send attachment through OWA?
>>>>>>
>>>>>> --
>>>>>> John Oliver, Jr
>>>>>> MCSE, MCT, CCNA
>>>>>> Exchange MVP 2008
>>>>>> Microsoft Certified Partner
>>>>>>
>>>>>>
>>>>>> "Daniel Falconetti" wrote in message
>>>>>> @TK2MSFTNGP03.phx.gbl...
>>>>>>> We tried a transfer thru FTP from the remote site and it seems that
>>>>>>> Downloads works fine but uploads are very slow...
>>>>>>>
>>>>>>> thks for your help
>>>>>>>
>>>>>>>
>>>>>>> "John Oliver, Jr. [MVP]" a écrit dans le
>>>>>>> message de news: %23OIXcDfaIHA.1132@TK2MSFTNGP06.phx.gbl...
>>>>>>>> Can you copy the file across the VPN not using OWA?
>>>>>>>>
>>>>>>>> --
>>>>>>>> John Oliver, Jr
>>>>>>>> MCSE, MCT, CCNA
>>>>>>>> Exchange MVP 2008
>>>>>>>> Microsoft Certified Partner
>>>>>>>>
>>>>>>>>
>>>>>>>> "Daniel Falconetti" wrote in message
>>>>>>>> news:%237oTTkWaIHA.4140@TK2MSFTNGP04.phx.gbl...
>>>>>>>>> Hi,
>>>>>>>>>
>>>>>>>>> I've got users connecting to an Exchange 2K7 thru a Cisco VPN.
>>>>>>>>> They can open OWA and send a message but if they want to join an
>>>>>>>>> attachment (even small one 50K), the upload of the attachment
>>>>>>>>> freeze.
>>>>>>>>> It works locally.
>>>>>>>>>
>>>>>>>>> I thought firts of a problem with MTU on the CISCO VPN.
>>>>>>>>> I made a test with an exchange 2K7 on Internet and it works...
>>>>>>>>> The stream goes thru the same VPN to the central site before
>>>>>>>>> beeing routed to Internet!!!!
>>>>>>>>>
>>>>>>>>> Any clues?
>>>>>>>>>
>>>>>>>>> Thanks for your help
>>>>>>>>> The stream goes
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>

John Oliver, Jr. [MVP] · Joined: 05 Aug 2007 Posts: 823

Cisco is really solid, of course I am a Cisco Partner so I am a little
biased but they do make great security products among others. If you have
Smartnet on your Cisco equipment then give TAC a call, they will be able to
work with you until it gets resolved. Do no know Juniper, but I would make
sure they have the support staff and onsite replacement of hardware that
Cisco has. That is one thing you can say about Cisco, they will always be
there to support their products 24X7.

--
John Oliver, Jr
MCSE, MCT, CCNA
Exchange MVP 2008
Microsoft Certified Partner

"Daniel Falconetti" wrote in message
news:%23zJKtw$bIHA.4652@TK2MSFTNGP06.phx.gbl...
> We made a test with a juniper on the central site and it works OK. So the
> problem is definitively on the CISCO part.
>
> We might as well migrate all sites VPN to the juniper box.
>
> Thanks for your help
>
> "John Oliver, Jr. [MVP]" a écrit dans le message
> de news: OzVGfp%23bIHA.4436@TK2MSFTNGP05.phx.gbl...
>> Sounds like Fragment size on the interface, seen a similar issue and had
>> to change the "ip tcp adjust-mss" value to 1300. MTU was set to1400. If
>> this does not work, call Cisco TAC, I assume you have Cisco Smartnet?
>>
>> --
>> John Oliver, Jr
>> MCSE, MCT, CCNA
>> Exchange MVP 2008
>> Microsoft Certified Partner
>>
>>
>> "Daniel Falconetti" wrote in message
>> @TK2MSFTNGP03.phx.gbl...
>>> We've got a site to site VPN.
>>> The central site has a CISCO 1721 and the remote sites either CISCO 837
>>> or 877.
>>> On the access lists the DF bit is forced to 0.
>>>
>>> Access to network share is a problem as well.
>>>
>>> On the Exchnage server side, we see fragmented packets and the CAS
>>> doesn't seems to acknoledge them.
>>> The client on is side resends packets.
>>>
>>> I thought we had a MTU problem but what I don't understand is that it
>>> works if I try to access an Internet based OWA server (the one I've got
>>> at home).
>>> the stream from the client goes thru the VPN in both cases and goes thru
>>> more components when accessing the Internet OWA than the 'local' OWA.
>>>
>>> Access to the 'local' OWA works well from the main site.
>>>
>>> We're going to make more tests this afternoon.
>>>
>>> Thks
>>>
>>> "John Fullbright" a écrit dans le message
>>> de news: %23$2ono5aIHA.1376@TK2MSFTNGP02.phx.gbl...
>>>>I took it the other way. Many companies have an internet facing Cisco
>>>>VPN and the Cisco VPN client installed on laptops. That way users can
>>>>VPN to the corporate network from hotel rooms or whatever. If the only
>>>>thing you're accessing is mail, yeah Outlook Anywhere is a good option.
>>>>If your clients VPN to many other resources on the corporate network,
>>>>and the laptops at any given moment could be on or off the corporate
>>>>network.. It shouldn't be to hard to see the business drivers for such
>>>>a configuration. That said, the Cisco VPN client has a stateful firewall
>>>>you can enable and like most stateful firewalls (even the windows
>>>>firewall) you have to be careful of the settings. If your client is
>>>>Windows XP SP2, there was an issue with QOS scheduler and VPN over DSL
>>>>as well. The workaround was to disable QOS. Might try that as well, if
>>>>it works, there's a post SP2 hotfix for it.
>>>>
>>>> http://support.microsoft.com/kb/886809/en-us
>>>>
>>>> http://help.expedient.com/vpn/vpntrouble.shtml#7
>>>>
>>>>
>>>>
>>>>
>>>> "John Oliver, Jr. [MVP]" wrote in message
>>>> @TK2MSFTNGP02.phx.gbl...
>>>>> John,
>>>>>
>>>>> I was under the impression this was a dedicated VPN connection between
>>>>> Main and Remote site not VPN Clients connecting. If not, then I would
>>>>> have suggested he look at Outlook Anywhere for the clients since he
>>>>> even stated the connection is slow currently with VPN Tunnel.
>>>>>
>>>>> --
>>>>> John Oliver, Jr
>>>>> MCSE, MCT, CCNA
>>>>> Exchange MVP 2008
>>>>> Microsoft Certified Partner
>>>>>
>>>>>
>>>>> "John Fullbright" wrote in message
>>>>> @TK2MSFTNGP06.phx.gbl...
>>>>>> On the VPN client, try disabling the stateful firewall.
>>>>>>
>>>>>>
>>>>>> "John Oliver, Jr. [MVP]" wrote in message
>>>>>> %23maIHA.1208@TK2MSFTNGP05.phx.gbl...
>>>>>>> Don't try through FTP, simply open a network share on one end and
>>>>>>> copy the file and paste it on the other. Does it succeed? What
>>>>>>> model of Cisco VPN equipment are you using on both ends? Have you
>>>>>>> enabled monitoring/logging on the Cisco devices to see if they are
>>>>>>> showing anything when you try to send attachment through OWA?
>>>>>>>
>>>>>>> --
>>>>>>> John Oliver, Jr
>>>>>>> MCSE, MCT, CCNA
>>>>>>> Exchange MVP 2008
>>>>>>> Microsoft Certified Partner
>>>>>>>
>>>>>>>
>>>>>>> "Daniel Falconetti" wrote in message
>>>>>>> @TK2MSFTNGP03.phx.gbl...
>>>>>>>> We tried a transfer thru FTP from the remote site and it seems that
>>>>>>>> Downloads works fine but uploads are very slow...
>>>>>>>>
>>>>>>>> thks for your help
>>>>>>>>
>>>>>>>>
>>>>>>>> "John Oliver, Jr. [MVP]" a écrit dans le
>>>>>>>> message de news: %23OIXcDfaIHA.1132@TK2MSFTNGP06.phx.gbl...
>>>>>>>>> Can you copy the file across the VPN not using OWA?
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> John Oliver, Jr
>>>>>>>>> MCSE, MCT, CCNA
>>>>>>>>> Exchange MVP 2008
>>>>>>>>> Microsoft Certified Partner
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> "Daniel Falconetti" wrote in
>>>>>>>>> message news:%237oTTkWaIHA.4140@TK2MSFTNGP04.phx.gbl...
>>>>>>>>>> Hi,
>>>>>>>>>>
>>>>>>>>>> I've got users connecting to an Exchange 2K7 thru a Cisco VPN.
>>>>>>>>>> They can open OWA and send a message but if they want to join an
>>>>>>>>>> attachment (even small one 50K), the upload of the attachment
>>>>>>>>>> freeze.
>>>>>>>>>> It works locally.
>>>>>>>>>>
>>>>>>>>>> I thought firts of a problem with MTU on the CISCO VPN.
>>>>>>>>>> I made a test with an exchange 2K7 on Internet and it works...
>>>>>>>>>> The stream goes thru the same VPN to the central site before
>>>>>>>>>> beeing routed to Internet!!!!
>>>>>>>>>>
>>>>>>>>>> Any clues?
>>>>>>>>>>
>>>>>>>>>> Thanks for your help
>>>>>>>>>> The stream goes
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>

rbkumaran · Joined: 18 Feb 2008 Posts: 1

Not a great fan of cisco but this issue is more to do with MTUs &
"donotfragement" set on the packets from the exchange server/clients.
Any VPN device (Juniper or Cisco) by default will try to fragment
large packets and when a large packet arrives with DF set then
silently drop the packet so...for the client this looks like a mere
hang/crash but the fact is the packets never got there. This can be
modified though on the devices but at the cost of the VPN performance.

Had a similar problem with outlook from a branch office accessing the
HQ Ex2k3 thro a site to site vpn.

Kumaran
CCNA,SCSA
Network Consultant

Not able to Connect to Exchange Server over Cisco ASA SSL VP We have a strange problem. First some Back History. Our old domain (domain1) was in bad shape so we created a new domain (domain2) (no migration involved). Created a new DC (win2003 R2) for domain2 installed exchange 2003. On client system we Exported all

Cisco Unity Voice Mail Codec Format (64kbps 8 bitmono 8Khz C My company installed a Cisco based unified messaging, and the pocket pc, are unable to play the Voice Messages. So is there a CODEC available, or a new pocket pc version on the road map that will address this? Thanks,

O2K7 + E2K7 problem sharing calendar Hi, One user is trying to use the Share calendar assistant to share is calendar with other. When he click on Send he gets an error message stating that he hasn't got th proper rights to perform that action. He can still share his calendar manually (thru

E2K7 - Ex-BPA E2K7 Readiness check Would there be any reason why I could not run the EX-BPA E2K7 Readiness check? thanks - Harri

E2K7 cannot send email to E2K7 Hello. I recently installed exchange 2007 in LAB and have an odd problem. My LAB has three exchange servers. One E2K3 mailbox server, one E2K7(CA,HT) and one E2K7 clustered MB server. All E2K3 servers run Exchange 2007 SP1 Beta 2. I had setup a connector