Quote:
nkrgovic: Hell if I know..... Escalate? Ask for a manager? Call your manager/CTO/whoever to chase them. Or change the MTU, what can I tell you..... it's possible that slightly larger packets are exceeding the limit, because there are several "layers" of packing a packet into a packet into a packet...
Look at this: ping from the airport core switch
BEGAP-Area2_CoreVSS#ping 10.0.12.68 sou vlan 107 df-bit size 1000
Type escape sequence to abort.
Sending 5, 1000-byte ICMP Echos to 10.0.12.68, timeout is 2 seconds:
Packet sent with a source address of 192.168.10.1
Packet sent with the DF bit set
!!!.!
Success rate is 80 percent (4/5), round-trip min/avg/max = 24/25/28 ms
BEGAP-Area2_CoreVSS#
Without the DF bit:
BEGAP-Area2_CoreVSS#ping 10.0.12.68 sou vlan 107
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.12.68, timeout is 2 seconds:
Packet sent with a source address of 192.168.10.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/24/24 ms
BEGAP-Area2_CoreVSS#ping 10.0.12.68 sou vlan 107
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.12.68, timeout is 2 seconds:
Packet sent with a source address of 192.168.10.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/24/24 ms
BEGAP-Area2_CoreVSS#ping 10.0.12.68 sou vlan 107
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.12.68, timeout is 2 seconds:
Packet sent with a source address of 192.168.10.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/24/28 ms
BEGAP-Area2_CoreVSS#ping 10.0.12.68 sou vlan 107
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.12.68, timeout is 2 seconds:
Packet sent with a source address of 192.168.10.1
!.!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 24/24/24 ms
BEGAP-Area2_CoreVSS#
ASA:
JU-Internet-FW/pri/act# sh cry ipsec sa pee 34.65.86.117
peer address: 34.65.86.117
Crypto map tag: STAT_MAP, seq num: 3, local addr: 91.194.216.5
access-list IPSEC-Airserbia-AMOS_Swiss_DE extended permit ip 192.168.10.0 255.255.255.0 10.0.12.0 255.255.255.0
local ident (addr/mask/prot/port): (192.168.10.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (10.0.12.0/255.255.255.0/0/0)
current_peer: 34.65.86.117
#pkts encaps: 20421, #pkts encrypt: 20446, #pkts digest: 20446
#pkts decaps: 21096, #pkts decrypt: 21096, #pkts verify: 21096
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 20421, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 25, #pre-frag failures: 0, #fragments created: 50
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 57
#TFC rcvd: 0, #TFC sent: 0
#Valid ICMP Errors rcvd: 0, #Invalid ICMP Errors rcvd: 0
#send errors: 0, #recv errors: 0
local crypto endpt.: 91.194.216.5/500, remote crypto endpt.: 34.65.86.117/500
path mtu 1500, ipsec overhead 74(44), media mtu 1500
PMTU time remaining (sec): 0, DF policy: clear-df
ICMP error validation: disabled, TFC packets: disabled
current outbound spi: 1B9700B9
current inbound spi : E96E835F
That's why I say the problem is completely crazy ;(
As for managers and escalation, I have no one to go to. I'm alone in this s*it. Endless thanks to you for taking the time for this. I'll grit my teeth and try lowering the MTU. Though my dread runs deeper than my hope that it will change anything.