RE: [fw-wiz] MTU issue routing traffic via Cisco GRE tunnel to No kia/Check Point firewall

From: Behm, Jeffrey L. (BehmJL_at_bvsg.com)
Date: 12/08/03

Next message: Breno Jacinto: "[fw-wiz] Open Source Personal Firewall?"

Previous message: Andy Lyakhovetskiy: "RE: [fw-wiz] PIX DMZ inter-access via outside IP address"
Next in thread: pedski: "Re: [fw-wiz] MTU issue routing traffic via Cisco GRE tunnel to No kia/Check Point firewall"
Reply: pedski: "Re: [fw-wiz] MTU issue routing traffic via Cisco GRE tunnel to No kia/Check Point firewall"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: "'marcel.cook@convergys.com '" <marcel.cook@convergys.com>, "'firewall-wizards@honor.icsalabs.com '" <firewall-wizards@honor.icsalabs.com>
Date: Sun, 7 Dec 2003 19:10:48 -0600

Was researching a similar problem just this past Friday...maybe it applies
in your case, too...I won't even attempt to summarize for them, but it has
to do with the "Need to fragment, but DF set" ICMP message being blocked
somewhere along the way.

Since the post is from Cisco it might not be your problem, but...
HTH,
Jeff

http://www.cisco.com/warp/public/105/56.html
<part of this page posted here...>

Why Can't I Browse the Internet when Using a GRE Tunnel?
Introduction
Sometimes when traffic goes through a generic routing encapsulation (GRE)
tunnel, you can successfully use Ping and Telnet, but you can't download
Internet pages or transfer files using FTP. This Tech Note explains a common
reason for this problem, and offers several workarounds.

-----Original Message-----
From: marcel.cook@convergys.com
To: firewall-wizards@honor.icsalabs.com
Sent: 12/4/2003 5:23 AM
Subject: [fw-wiz] MTU issue routing traffic via Cisco GRE tunnel to
Nokia/Check Point firewall

We have been suffering an issue to do with Checkpoint, Cisco GRE tunnels
and MTU size for a number of months now, and I thought it might be worth
posting a description of our problem on this list in case someone is
able
to help. We feel that we have exhausted most avenues of trying to
troubleshoot this issue.

<snip>

The problem is that users in the Paris branch office are unable to view
_some_ websites. Examples of ones that don't work are www.yahoo.fr and
www.adp.fr. The majority work fine, including www.cisco.com and
www.google.com.

<snip>
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Next message: Breno Jacinto: "[fw-wiz] Open Source Personal Firewall?"

Previous message: Andy Lyakhovetskiy: "RE: [fw-wiz] PIX DMZ inter-access via outside IP address"
Next in thread: pedski: "Re: [fw-wiz] MTU issue routing traffic via Cisco GRE tunnel to No kia/Check Point firewall"
Reply: pedski: "Re: [fw-wiz] MTU issue routing traffic via Cisco GRE tunnel to No kia/Check Point firewall"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]