Ask a question
Search in U-verse Forums

U-verse Forums

Reply
Posted Jan 24, 2013
2:16:04 PM
View profile
IPSEC tunnel not working after recent Outage

Hi to all:

 

I'm new to the forum and I'm not sure if this is the right area (lots of options) but here it goes.

After the recent Uverse outage my ANIRA (AT&T Managed Service) IPSEC tunnel stopped working.. I opened a ticket with the service and didn't find anything wrong with the setup.  The tech suggested to move the VPN box to another ISP and so I tested with AT&T DSL Service and other providers and it works flawlessly.. as soon as I bring it back to Uverse the VPN connection is never established

 

The error I'm receiving on my Uverse Router is src=xxx.xxx.xxx.xxx dst=xxx.xxx.xxx.xxx ipprot=1 icmp_type=3 icmp_code=3 ICMP Dest Unreachable, session terminated... Digging on ICMP Type 3 code 3, it states that it is a  Port unreachable error. Sent when the designated transport protocol is unable to demultiplex the datagram but has no protocol mechanism to inform the sender.

 

I'm just wondering if traffic has been rerouted through other devices that might be blocking ports that support IPSEC?  

 

Any ideas/suggestions?

 

Thanks!

 

Carlos

Hi to all:

 

I'm new to the forum and I'm not sure if this is the right area (lots of options) but here it goes.

After the recent Uverse outage my ANIRA (AT&T Managed Service) IPSEC tunnel stopped working.. I opened a ticket with the service and didn't find anything wrong with the setup.  The tech suggested to move the VPN box to another ISP and so I tested with AT&T DSL Service and other providers and it works flawlessly.. as soon as I bring it back to Uverse the VPN connection is never established

 

The error I'm receiving on my Uverse Router is src=xxx.xxx.xxx.xxx dst=xxx.xxx.xxx.xxx ipprot=1 icmp_type=3 icmp_code=3 ICMP Dest Unreachable, session terminated... Digging on ICMP Type 3 code 3, it states that it is a  Port unreachable error. Sent when the designated transport protocol is unable to demultiplex the datagram but has no protocol mechanism to inform the sender.

 

I'm just wondering if traffic has been rerouted through other devices that might be blocking ports that support IPSEC?  

 

Any ideas/suggestions?

 

Thanks!

 

Carlos

0
(0)
  • Rate this reply
View profile
Solved
Jan 24, 2013 3:26:38 PM
0
(0)
Expert
In all likelihood, your connection probably has the small 576 byte MTU assigned to it, which will probably break any IPSec VPN. See the following thread for the details:

http://forums.att.com/t5/Features-and-How-To/MTU-change-after-1-21-outage/td-p/3408917
Accepted Solution

IPSEC tunnel not working after recent Outage

1,880 views
2 replies
(0) Me too
(0) Me too
Reply
View all replies
(2)
0
(0)
  • Rate this reply
View profile
Solved
Jan 24, 2013 3:26:38 PM
0
(0)
Expert
In all likelihood, your connection probably has the small 576 byte MTU assigned to it, which will probably break any IPSec VPN. See the following thread for the details:

http://forums.att.com/t5/Features-and-How-To/MTU-change-after-1-21-outage/td-p/3408917
In all likelihood, your connection probably has the small 576 byte MTU assigned to it, which will probably break any IPSec VPN. See the following thread for the details:

http://forums.att.com/t5/Features-and-How-To/MTU-change-after-1-21-outage/td-p/3408917

Re: IPSEC tunnel not working after recent Outage

2 of 3 (1,862 Views)
Solution
0
(0)
  • Rate this reply
View profile
Jan 24, 2013 7:56:07 PM
0
(0)
Contributor

You were definetely right.. my MTU was lowered... I just went to the RG and ask to refresh the Broadband connection,,, MTU was changed to 1500 and VPN is up now.

 

Thanks again for your guidance.

 

Best regards

 

Carlos

You were definetely right.. my MTU was lowered... I just went to the RG and ask to refresh the Broadband connection,,, MTU was changed to 1500 and VPN is up now.

 

Thanks again for your guidance.

 

Best regards

 

Carlos

Re: IPSEC tunnel not working after recent Outage

3 of 3 (1,829 Views)
Advanced
You must be signed in to add attachments
Share this post
Share this post