[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] nokia IP300 - increasing mtu
On Tue, Mar 27, 2001 at 10:50:11AM +1000, Ken Blinco wrote: : : Thanks for that. We need to increase the mtu as there are large packets : being sent through a vpn which have the do-not-fragment bit set. If you : think 1600 is too large, what would you recommend? (i guess it depends : on the packet size). I would recommend you configure your VPN to not copy the "DF" bit from the clear packet to the encapsulated/encrypted packet. I know that at least the Nokia vpn appliances (the stuff that came from Network Alchemy) support this, and I imagine others would as well, since it is a useful feature. Properly implemented, a packet with DF set would get encapsulated, and *that* packet would get frag'd, and re-assembled at the other end of the VPN.. -- Jason Costomiris <>< | Technologist, geek, human. jcostom {at} jasons {dot} org | http://www.jasons.org/ Quidquid latine dictum sit, altum viditur. My account, My opinions. ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|