Re: [FW-1] Can anyone explain this behavior using DSL?

[Christopher Gripp <cgripp@FW1-NOSPAMAXCELERANT.COM>]

1490 isn't always low enough.  We have had to go down to 1350 in some cases depending on the equipment involved.





Christopher Gripp
Systems Engineer
Axcelerant

"Impartiality is a pompous name for indifference, which is an elegant name for ignorance."  G.K. Chesterton

> -----Original Message-----
> From: Steve McNutt [mailto:mcnutt@LIGHTNINGCLOUD.NET]
> Sent: Friday, April 12, 2002 2:31 PM
> To: FW-1-MAILINGLIST@beethoven.us.checkpoint.com
> Subject: Re: [FW-1] Can anyone explain this behavior using DSL?
>
>
> Could be an MTU problem.  Try lowering the MTU on network
> adapter of the client box to 1490 bytes as a troubleshooting
> step.  The ability to recieve but not send messages indicates
> that small packets are transiting the network but full size
> packets originating from the client are being dropped somewhere.
>
> http://support.microsoft.com/default.aspx?scid=kb;en-us;Q120642
>
>
>
> Steven McNutt, CCIE #6495, CCSE #6224, MCSE
> President
> LightningCloud Technologies
> bus:> cel:> mcnutt@lightningcloud.net
>
>
> -----Original Message-----
> From: Chris Moore [mailto:cmoore@US.MUTEK.COM]
> Sent: Friday, April 12, 2002 3:47 PM
> To: FW-1-MAILINGLIST@beethoven.us.checkpoint.com
> Subject: [FW-1] Can anyone explain this behavior using DSL?
>
>
> I have a remote user that experiences problems sending mail
> using Outlook
> while connected to my internal network via SecuRemote.  SR
> authenticates
> fine and resources are available, however "network problems
> are preventing
> connection to the Exchange server" errors are generated when
> trying to send
> a new mail message...receiving messages is ok.  The user has
> DSL provided by
> Earthlink (uses PPPoE) and is connecting using the RASPPPOE
> dialer.  His
> PPPoE adapter receives a public IP from the ISP and his
> network adapter is
> assigned a private IP address via DHCP from his LinkSys DSL
> router.  He is
> using SR build 4199 on Win2KPro (IKE scheme).  My firewall is
> NG FP1 on
> RH7.2 (kernel 2.4.9-31).
>
> Here is what I see in the log that hints at the problem:
>
> action   service  source        destination      rule   S_port
> ------   -------  ------        -----------      ----   ------
> drop     1071     192.168.1.6   165.247.143.78   25     2154
> drop     1070     192.168.1.6   10.0.0.3         25     2155
> drop     1071     192.168.1.6   165.247.143.78   25     2156
> drop     1070     192.168.1.6   10.0.0.3         25     2157
> drop     1071     192.168.1.6   165.247.143.78   25     2158
> drop     1070     192.168.1.6   10.0.0.3         25     2159
>
>
> 192.168.1.6 is my Exchange server internal address.
> 165.247.143.78 is the
> IP assigned by the user's ISP.  10.0.0.3 is the DHCP assigned
> internal IP
> for the user's home network.  Rule 25 is the cleanup rule.
>
> It looks like Exchange doesn't know where to send the packets
> to or the
> connection is losing state.  For other users on either cable
> modem or DSL
> that don't have problems, I see only the private IP address
> on their side,
> not the public ISP assigned address.  For example:
>
> action   service  source        destination      rule   S_port
> ------   -------  ------        -----------      ----   ------
> decrypt  rpc      192.168.2.14  192.168.1.6      1      1392
>
> where Rule 1 is the SecuRemote access rule.
>
> Does anyone have a clue what might be happening and/or how to go about
> resolving it?  Could it be a configuration on the ISP and/or
> user's router
> sides?  Or, maybe a timing issue at either the Exchange
> server or firewall?
>
> Thanks in advance!
> ...
> Chris
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to LISTSERV@lists.us.checkpoint.com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-owner@ts.checkpoint.com
> =================================================
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to LISTSERV@lists.us.checkpoint.com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-owner@ts.checkpoint.com
> =================================================
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to LISTSERV@lists.us.checkpoint.com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-owner@ts.checkpoint.com
> =================================================
>
>

=================================================
To set vacation, Out Of Office, or away messages,
send an email to LISTSERV@lists.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner@ts.checkpoint.com
=================================================