R: [fw-wiz] MTU issue routing traffic via Cisco GRE tunnel to Nokia/Check Point firewall

From: edp (edp.lists_at_acerbis.it)
Date: 12/18/03

Next message: MHawkins_at_TULLIB.COM: "RE: [fw-wiz] You'll never get fired for recommending IBM - sorry - Microsoft"

Previous message: Dean Davis: "RE: [fw-wiz] Checkpoint to Cisco - Hardware VPN works, software d oesn't"
In reply to: Eric Vyncke: "Re: [fw-wiz] MTU issue routing traffic via Cisco GRE tunnel to Nokia/Check Point firewall"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: <firewall-wizards@honor.icsalabs.com>
Date: Thu, 18 Dec 2003 09:46:32 +0100

>The simple solutions are:
>- - use 'ip tcp adjust-mss 1400' on a router seeing traffic in the
clear to > force MSS to 1400 so IP datagram size to 1420 (of course 1400
is just a >guess), this will cover all TCP traffic
>- - set 'ip mtu 1500' on the GRE tunnel interface (yes 1500 bytes)

Just for clarity, with a mss option set to 1400, the ip packet size will
be 1440.

_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Next message: MHawkins_at_TULLIB.COM: "RE: [fw-wiz] You'll never get fired for recommending IBM - sorry - Microsoft"

Previous message: Dean Davis: "RE: [fw-wiz] Checkpoint to Cisco - Hardware VPN works, software d oesn't"
In reply to: Eric Vyncke: "Re: [fw-wiz] MTU issue routing traffic via Cisco GRE tunnel to Nokia/Check Point firewall"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

www.derkeiler.com > Mailing-Lists > Firewall-Wizards > 2003-12