Re: [fw-wiz] MTU issue routing traffic via Cisco GRE tunnel to Nokia/Check Point firewall

From: pedski (pedski_at_optonline.net)
Date: 12/13/03

    To: "Behm, Jeffrey L." <BehmJL@bvsg.com>
    Date: Fri, 12 Dec 2003 20:20:13 -0500
    
    

    Set the MTU to 1400.

    Behm, Jeffrey L. wrote:

    >Was researching a similar problem just this past Friday...maybe it applies
    >in your case, too...I won't even attempt to summarize for them, but it has
    >to do with the "Need to fragment, but DF set" ICMP message being blocked
    >somewhere along the way.
    >
    >Since the post is from Cisco it might not be your problem, but...
    >HTH,
    >Jeff
    >
    >http://www.cisco.com/warp/public/105/56.html
    ><part of this page posted here...>
    >
    >Why Can't I Browse the Internet when Using a GRE Tunnel?
    >Introduction
    >Sometimes when traffic goes through a generic routing encapsulation (GRE)
    >tunnel, you can successfully use Ping and Telnet, but you can't download
    >Internet pages or transfer files using FTP. This Tech Note explains a common
    >reason for this problem, and offers several workarounds.
    >
    >-----Original Message-----
    >From: marcel.cook@convergys.com
    >To: firewall-wizards@honor.icsalabs.com
    >Sent: 12/4/2003 5:23 AM
    >Subject: [fw-wiz] MTU issue routing traffic via Cisco GRE tunnel to
    >Nokia/Check Point firewall
    >
    >We have been suffering an issue to do with Checkpoint, Cisco GRE tunnels
    >and MTU size for a number of months now, and I thought it might be worth
    >posting a description of our problem on this list in case someone is able
    >to help. We feel that we have exhausted most avenues of trying to
    >troubleshoot this issue.
    >
    ><snip>
    >
    >The problem is that users in the Paris branch office are unable to view
    >_some_ websites. Examples of ones that don't work are www.yahoo.fr and
    >www.adp.fr. The majority work fine, including www.cisco.com and
    >www.google.com.
    >
    ><snip>

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
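
The failure mode discussed in this thread, as an added example that is not part of the original posts: a small Python model of a path with one GRE hop, showing why small packets (ping, Telnet) pass while full-size DF packets stall when the "need to fragment" ICMP error is filtered, and why a 1400-byte MTU avoids the problem. The path layout, the 24-byte GRE-over-IPv4 overhead and all function names are assumptions of this example; the 1400-byte case is modelled as the endpoints never sending packets larger than 1400 bytes.

```python
# Added illustration: a constructed model of path MTU discovery across a GRE hop.
IP_HDR, TCP_HDR, GRE_HDR = 20, 20, 4      # bytes; IPv4/TCP without options, basic GRE
GRE_OVERHEAD = IP_HDR + GRE_HDR           # outer IPv4 header + GRE header = 24

# Constructed path (assumption): Ethernet, GRE tunnel over Ethernet, Ethernet.
PATH = [1500, 1500 - GRE_OVERHEAD, 1500]


def send(size, df, hops, icmp_filtered):
    """Carry one IP packet of `size` bytes across `hops` (a list of link MTUs).

    Returns (outcome, mtu_hint). Outcome is "delivered", "fragmented",
    "icmp" (sender receives ICMP type 3 code 4 carrying the next-hop MTU) or
    "blackhole" (packet dropped and the ICMP error never reaches the sender).
    """
    fragmented = False
    for mtu in hops:
        if size <= mtu:
            continue
        if not df:
            fragmented = True          # router fragments; largest piece fits this link
            size = mtu
            continue
        return ("blackhole", None) if icmp_filtered else ("icmp", mtu)
    return ("fragmented" if fragmented else "delivered", None)


def tcp_transfer(mss, hops, icmp_filtered, max_tries=5):
    """Send full-size DF segments, shrinking to the hinted MTU on each ICMP error.

    Returns the packet size that finally gets through, or None if the
    connection stalls because no size information ever comes back.
    """
    size = mss + IP_HDR + TCP_HDR
    for _ in range(max_tries):
        outcome, hint = send(size, True, hops, icmp_filtered)
        if outcome == "delivered":
            return size
        if outcome == "blackhole":
            return None
        size = hint
    return None


if __name__ == "__main__":
    print("ping, 84 bytes, ICMP filtered:", send(84, True, PATH, True)[0])
    print("MSS 1460, ICMP allowed:", tcp_transfer(1460, PATH, False))
    print("MSS 1460, ICMP filtered:", tcp_transfer(1460, PATH, True))
    print("MTU 1400 (MSS 1360), ICMP filtered:", tcp_transfer(1360, PATH, True))
```

On the firewall side the corresponding fix is to let ICMP type 3 code 4 ("fragmentation needed and DF set") back through to the sender, which is the case where the model converges on 1476 bytes.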

