Re: [fw-wiz] VPN Issue with Certs and fragmentation



On 9/11/07, Bell Simon (RBNA/CIT1.12) <Simon.Bell@xxxxxxxxxxxx> wrote:

We occasionally have customers call in reporting that they're never
prompted for credentials when attempting to connect to the VPN. This
happens most often when they're at a hotel/public hotspot. However, if
they use a profile based on a preshared key instead of a cert
authentication, they connection works w/o issue. I've captured traffic
off a failed user and it looks like during a cert auth IPSec tunnel
there's a fair amount of packet fragmentation.



The fragmentation can be solved by using IKE over tcp.
What type of vpn (vendor) are you using?

Br.
Robby
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards


Relevant Pages

  • Re: Connecting a remote workstation to a domain
    ... VPN for "All Users" to the SBS server (and using her domain credentials). ... created the VPN connection and tested with the same results from a remote ... Even setting up a low end workstation ...
    (microsoft.public.windows.server.sbs)
  • Re: How does your company handle this issue?
    ... Our users normally just login to the laptops ... using the domain cached credentials. ... They then establish a VPN connection ...
    (microsoft.public.win2000.active_directory)
  • Re: Credentials and net use problem after IPSec VPN is build
    ... VPN FW they give domain credentials to FW. ... names or passwords it checks them from win-Radius server. ...
    (microsoft.public.windows.server.networking)
  • Re: vpn drive mapping
    ... the script link you sent me is in vbscript. ... connecting via VPN, as a second step to connect to the network shares. ... > will normally pass those credentials when trying to access ... > Tony Su ...
    (microsoft.public.windows.server.sbs)
  • Re: VP Connected, saw the share but not cannot open it
    ... uses the same credentials as used to logon to the VPN or if this is a domain ... configure the VPN client connection to include ... with different credentials than using to logon to the VPN. ...
    (microsoft.public.windows.server.networking)