
RE: [FW1] Problem communicating through FW1 on a VPN tunnel


  • To: "Jan Berntsen" <[email protected]>, "FireWall-1 Mailinglist (E-post)" <[email protected]>
  • Subject: RE: [FW1] Problem communicating through FW1 on a VPN tunnel
  • From: "Peter Norin" <[email protected]>
  • Date: Thu, 13 Sep 2001 13:48:00 +0200
  • Sender: [email protected]
  • Thread-index: AcE7Wzddp5ft8rLDTfirpkrqCTlDqwA7Wkeg
  • Thread-topic: [FW1] Problem communicating through FW1 on a VPN tunnel

Could be that you are blocking ICMP,
denying 3,4 (packet undeliverable, packet too big).
The most common MTU value is 1500.

When you initialize the session you send quite small
packets, but then when you start to transfer the data
you will use the maximum size of the packet, 1500.
Then, when you encrypt it, you add an ESP header
and the packets grow beyond 1500 and are no longer
deliverable, since almost every involved part has
MTU 1500 and the "don't defrag" flag.

If you allow ICMP 3,4 that would probably fix it,
but as a test, to verify if this is the problem and you
don't want to touch the firewalls / encryption points,
try to lower the MTU to 1400 on the clients. That
way the packets won't become too big.

Cheers
Peter

-----Original Message-----
From: Jan Berntsen [mailto:[email protected]]
Sent: den 12 september 2001 09:19
To: FireWall-1 Mailinglist (E-post)
Subject: [FW1] Problem communicating through FW1 on a VPN tunnel



Hello all

I know that this is probably not a FireWall-1 issue, but with all the
intelligent communication professionals hooked up to this mailing list,
there ought to be someone who is able to tell me what to do about this.

I have this configuration:
- Unix host - ftp client
- Cisco Router
- Cisco Router
- FireWall-1
- Intel NetStructure VPN device - VPN Tunnel endpoint
- FireWall-1 (another one)
- Cisco Router
- Internet
- Cisco Router
- Intel NetStructure VPN device - VPN Tunnel endpoint
- Windows NT FTP server

I run ftp from the unix host to the WinNT ftp server.

My problem is that if I try to 'put' any file larger than a certain size
(below 2k), the file will not be sent. The ftp client manages to connect
and send the data, but when closing the file, it times out with the
message '426 connection closed; transfer aborted'.
If I try to 'get' a file, it transfers right away with no problem.
I also have problems with user sessions of several kinds trying to
connect from the Windows NT side towards the Unix side by using Terminal
Server Client or ODBC connections.
I have tried to adjust the MTU, and even enabled MTU-path-discovery in
the Cisco routers at both endpoints without any effect.

Any and all help is highly appreciated.

Regards,

Jan Berntsen
Networking Engineer
InfoCare ASA
E-mail: [email protected]
Internet: http://www.infocare.no




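Worked example, added here and not part of either message in the thread: the arithmetic behind the reply above (a full-size 1500-byte inner packet no longer fits a 1500-byte link once tunnel-mode ESP wraps it, while a smaller client MTU does), plus a parser for the ICMP "fragmentation needed" message (type 3, code 4) whose next-hop MTU field is exactly what a firewall that drops ICMP keeps the sender from ever seeing. The ESP overhead figures (8-byte IV, 8-byte cipher block, 12-byte ICV) are assumptions that match a 3DES-CBC / HMAC-SHA1-96 transform, not values taken from the poster's setup; the sample ICMP message and the addresses in it are constructed for the example.

```python
"""
Added example (not from the original thread): ESP tunnel-mode overhead
versus a 1500-byte link MTU, and parsing of the ICMP type 3 code 4
(fragmentation needed) message carrying the next-hop MTU (RFC 1191).
Overhead constants are assumptions for 3DES-CBC with HMAC-SHA1-96;
real values depend on the negotiated transform.
"""
import struct

IPV4_HDR = 20          # outer IPv4 header added by tunnel mode
ESP_SPI_SEQ = 8        # ESP header: SPI (4) + sequence number (4)
ESP_TRAILER = 2        # pad length (1) + next header (1)
ESP_IV = 8             # assumption: 3DES-CBC IV
ESP_BLOCK = 8          # assumption: 3DES block size, padding unit
ESP_ICV = 12           # assumption: HMAC-SHA1-96 / HMAC-MD5-96 authenticator


def esp_tunnel_size(inner_len, iv=ESP_IV, block=ESP_BLOCK, icv=ESP_ICV):
    """Bytes on the wire for an inner IPv4 packet of inner_len bytes in tunnel-mode ESP."""
    to_encrypt = inner_len + ESP_TRAILER
    padded = -(-to_encrypt // block) * block      # round up to the cipher block size
    return IPV4_HDR + ESP_SPI_SEQ + iv + padded + icv


def max_inner_mtu(link_mtu=1500, **kw):
    """Largest inner packet that still fits link_mtu after encapsulation, no fragmentation."""
    inner = link_mtu
    while esp_tunnel_size(inner, **kw) > link_mtu:
        inner -= 1
    return inner


def client_mtu_fits(client_mtu, link_mtu=1500):
    """The test suggested in the reply: does a lowered client MTU fit once encrypted?"""
    return esp_tunnel_size(client_mtu) <= link_mtu


def inet_checksum(data):
    """RFC 1071 one's-complement checksum as used by ICMP (0 means 'verifies')."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_frag_needed(next_hop_mtu, orig_hdr_and_8):
    """Constructed ICMP type 3 code 4 message: unused(2), next-hop MTU(2), then the dropped packet's IP header + 8 bytes."""
    body = struct.pack("!HH", 0, next_hop_mtu) + orig_hdr_and_8
    csum = inet_checksum(struct.pack("!BBH", 3, 4, 0) + body)
    return struct.pack("!BBH", 3, 4, csum) + body


def parse_frag_needed(msg):
    """Return (next_hop_mtu, src, dst, df_set) for a valid type 3 code 4 message, else None."""
    if len(msg) < 8 + 20 or inet_checksum(msg) != 0:
        return None
    icmp_type, code, _csum, _unused, mtu = struct.unpack("!BBHHH", msg[:8])
    if icmp_type != 3 or code != 4:
        return None
    inner = msg[8:28]                                   # quoted IPv4 header of the dropped packet
    flags_frag = struct.unpack("!H", inner[6:8])[0]
    src = ".".join(str(b) for b in inner[12:16])
    dst = ".".join(str(b) for b in inner[16:20])
    return mtu, src, dst, bool(flags_frag & 0x4000)    # 0x4000 = DF bit


# Constructed sample: a 1500-byte DF-flagged TCP packet 10.0.0.5 -> 10.0.1.10
# (FTP data going the 'put' direction) that could not be forwarded after ESP grew it.
SAMPLE_INNER_HDR = struct.pack("!BBHHHBBH4s4s",
                               0x45, 0, 1500, 0x1234, 0x4000, 64, 6, 0,
                               bytes([10, 0, 0, 5]), bytes([10, 0, 1, 10]))
SAMPLE_TCP_FIRST8 = struct.pack("!HHI", 40001, 21, 0x11223344)   # src port, dst port, seq
SAMPLE_ICMP = build_frag_needed(max_inner_mtu(1500), SAMPLE_INNER_HDR + SAMPLE_TCP_FIRST8)

if __name__ == "__main__":
    for inner in (1500, 1446, 1400):
        print("inner %d bytes -> %d bytes on the wire" % (inner, esp_tunnel_size(inner)))
    print("largest inner MTU that fits a 1500-byte link:", max_inner_mtu())
    print("parsed ICMP 3/4:", parse_frag_needed(SAMPLE_ICMP))
```

With these assumptions a 1500-byte inner packet becomes 1552 bytes on the wire, the largest inner packet that fits is 1446 bytes, and the 1400-byte client MTU from the reply fits with room to spare; the parser is the piece a sender needs to act on, which is why a rule that blocks all ICMP turns the tunnel into a PMTU black hole that only shows up once data packets exceed about 1.4 KB.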

================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================






   All contents © 2004 Network Presence, LLC. All rights reserved.