[fw-wiz] Fragmentation over VPN



Hi everyone,

First time poster here (as if anyone cared <g>).

I have this scenario:

Three offices need to connect via IPSec (L2L) and each also runs EZVPN
server for clients to connect to.

There is a 506E, an ASA5510 and an ISR 1801W. The configurations for the
506E and ASA5510 were easy enough and everything is working fine. The
1801 is a different story. I get the SAs done with no problems, but then no
other traffic flows through and I suspect this has to do with fragmentation.

On the outside interface (Dialer1), I have "mtu 1492" and on the inside
(VLAN1) I have "ip tcp adjust-mss 1452". Everyone behind the device can
browse the internet without any problems (yes, PAT).

Can some kind soul please provide some ideas on how to get around it?

Much appreciated.

Alex.

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards


