
[FW1] Citrix / Firewall-1 VPN incompatibility?



 

Hello,

I am trying to run Citrix (128-bit encryption) within a Check Point
site-site VPN (IKE, 3DES, ESP).  I can connect fine to the Citrix box
across the internet (without encryption), but when I try to connect
to its internal interface via the VPN it dies.  The main screen
opens, but right before it prompts for authentication it stalls until
timeout.
There is an IP filter box en route, passing all traffic. I've noticed
this ICMP error message amongst the traffic (IPs deleted):

qfe0 @0:77 p x.x.x.x -> y.y.y.y.y PR icmp len 20 56 icmp 3/4 for
y.y.y.y,1494 - x.x.x.x,2732 PR tcp len 20 1500 K-S IN

ICMP 3, code 4 is dest unreachable w/ IP fragmentation.  Any idea as
to what is going on here?
Is it possible that the double layers of encrypted traffic are pushing
overhead to the point where the original packets are being spread out
across too many encrypted packets?  Any thoughts as to resolution?
I have checked all support sites that I know of to no avail.
(BTW, Citrix also refuses to tunnel within a SecuRemote VPN.)

Thanks in advance.

Frans


- ----
Frans Lawaetz
Breakaway Solutions
Internet Security Engineer
61 East Cottage St, Norwood, MA 02062
OfficeCellGet there first. 
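
The arithmetic behind the overhead question in the post above, as an added example that is not part of the original message: it parses the quoted filter-log line for an ICMP type 3 code 4 event (fragmentation needed and DF set, RFC 792) and computes how large the logged 1500-byte packet becomes in ESP tunnel mode. Assumptions not stated on the page: a 12-byte HMAC-96 ICV, no NAT-T, a 1500-byte path MTU, and 20-byte IP and TCP headers; all function names are hypothetical.

```python
import re

# Pattern written against the single filter-log line quoted in the post;
# it is not a general grammar for that log format.
LOG_RE = re.compile(
    r"PR icmp len \d+ \d+ icmp (?P<type>\d+)/(?P<code>\d+) for "
    r"(?P<src>\S+),(?P<sport>\d+) - (?P<dst>\S+),(?P<dport>\d+) "
    r"PR (?P<proto>\w+) len \d+ (?P<length>\d+)"
)

# The log line from the post, re-joined after e-mail line wrapping.
SAMPLE = ("qfe0 @0:77 p x.x.x.x -> y.y.y.y.y PR icmp len 20 56 icmp 3/4 for "
          "y.y.y.y,1494 - x.x.x.x,2732 PR tcp len 20 1500 K-S IN")

# Assumed ESP parameters (not on the page): 3DES-CBC with 8-byte block and IV,
# 12-byte HMAC-96 ICV, 20-byte outer IPv4 header, 8-byte ESP header, no NAT-T.
BLOCK, IV, ICV, OUTER_IP, ESP_HDR = 8, 8, 12, 20, 8
FIXED = OUTER_IP + ESP_HDR + IV + ICV

def esp_tunnel_size(inner_len):
    """Size on the wire of one inner IP packet after ESP tunnel-mode encapsulation."""
    # Ciphertext = inner packet + padding + 2 trailer bytes, rounded up to a block.
    padded = -(-(inner_len + 2) // BLOCK) * BLOCK
    return FIXED + padded

def max_inner_len(path_mtu):
    """Largest inner IP packet whose ESP packet still fits in path_mtu."""
    return (path_mtu - FIXED) // BLOCK * BLOCK - 2

def assess(line, path_mtu=1500):
    """Return sizing facts for an ICMP 3/4 log line, or None for any other line."""
    m = LOG_RE.search(" ".join(line.split()))
    if not m or (m["type"], m["code"]) != ("3", "4"):
        return None
    inner = int(m["length"])
    limit = max_inner_len(path_mtu)
    return {
        "flow": f'{m["src"]}:{m["sport"]} -> {m["dst"]}:{m["dport"]}',
        "proto": m["proto"],
        "inner_len": inner,
        "esp_len": esp_tunnel_size(inner),   # what the tunnel must send
        "max_inner_len": limit,              # largest packet that avoids fragmentation
        "max_tcp_mss": limit - 40,           # minus 20-byte IP and 20-byte TCP headers
    }

if __name__ == "__main__":
    print(assess(SAMPLE))
```

Under these assumptions the 1500-byte packet in the log grows to 1552 bytes once encapsulated, so it cannot cross a 1500-byte hop unfragmented.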







 