Re: [fw-wiz] VPN Issue with Certs and fragmentation
- From: "Bell Simon (RBNA/CIT1.12)" <Simon.Bell@xxxxxxxxxxxx>
- Date: Wed, 12 Sep 2007 13:53:49 -0500
Robby,
Thanks for the reply. We're using the Cisco software and using Cisco
5520 ASAs to terminate the VPN. I've tried configuring the VPN profile to
use TCP over port 10000 and that too fails. I'm going to try lowering
the MTU on the public interface of an ASA to see if that helps.
Thanks,
simon
________________________________
From: firewall-wizards-bounces@xxxxxxxxxxxxxxxxxxxxxxx
[mailto:firewall-wizards-bounces@xxxxxxxxxxxxxxxxxxxxxxx] On Behalf Of
Robby Cauwerts
Sent: Wednesday, September 12, 2007 3:06 AM
To: Firewall Wizards Security Mailing List
Subject: Re: [fw-wiz] VPN Issue with Certs and fragmentation
On 9/11/07, Bell Simon (RBNA/CIT1.12) <Simon.Bell@xxxxxxxxxxxx> wrote:
We occasionally have customers call in reporting that they're never
prompted for credentials when attempting to connect to the VPN. This
happens most often when they're at a hotel/public hotspot. However, if
they use a profile based on a preshared key instead of a cert
authentication, the connection works w/o issue. I've captured traffic
off a failed user and it looks like during a cert auth IPSec tunnel
there's a fair amount of packet fragmentation.
The fragmentation can be solved by using IKE over TCP.
What type of VPN (vendor) are you using?
Br.
Robby
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
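Added example, not code from the thread, from Cisco, or from the list: a dependency-free check for the symptom Simon describes. The first part estimates whether an IKEv1 Main Mode message carrying X.509 CERT payloads exceeds the path MTU; IKE runs over UDP, so once it does, the IP layer fragments the datagram, and only the first fragment carries the UDP header with the port numbers. The second part scans raw IPv4 packets (constructed inline, not the poster's capture) and groups fragments on the ISAKMP ports by (src, dst, IP ID), which is how you confirm from a capture that the fragments are what a hotspot NAT or stateless filter is dropping. The header sizes (20-byte IPv4, 8-byte UDP, 28-byte ISAKMP, 4-byte generic payload header per RFC 2408), the 1500-byte MTU, and the certificate and signature sizes in the sample are assumed, illustrative constants.

```python
"""Estimate IKEv1 certificate-exchange size vs. MTU and find the resulting
IP fragments in raw IPv4 packets.  Added example; the header sizes, MTU and
sample certificate/signature sizes below are assumptions for illustration."""
import socket
import struct

IP_HDR, UDP_HDR, ISAKMP_HDR, PAYLOAD_HDR = 20, 8, 28, 4   # assumed, no IP options
IP_PROTO_UDP = 17
ISAKMP_PORTS = {500, 4500}            # IKE and IKE NAT-T
MF_FLAG, FRAG_OFF_MASK = 0x2000, 0x1FFF


def ikev1_cert_message_size(cert_der_sizes, sig_len=256, id_len=40):
    """Approximate on-the-wire size (IP+UDP+ISAKMP) of Main Mode message 5/6:
    ID payload, one CERT payload per certificate (generic header + 1 byte
    encoding + DER), and the SIG payload.  A PSK exchange has no CERT payloads."""
    body = PAYLOAD_HDR + id_len
    for der_len in cert_der_sizes:
        body += PAYLOAD_HDR + 1 + der_len
    body += PAYLOAD_HDR + sig_len
    return IP_HDR + UDP_HDR + ISAKMP_HDR + body


def ip_fragments_needed(msg_size, mtu=1500):
    """IP fragments a sender must emit for one UDP datagram of this total size.
    Each fragment carries a multiple of 8 bytes of the original IP payload."""
    if msg_size <= mtu:
        return 1
    per_frag = (mtu - IP_HDR) // 8 * 8
    return -(-(msg_size - IP_HDR) // per_frag)          # ceil division


def tcp_segments_needed(msg_size, mss=1460):
    """Same message over IKE-over-TCP: TCP segments to the MSS, so every packet
    has a full TCP header and no IP fragments are produced."""
    isakmp_len = msg_size - IP_HDR - UDP_HDR
    return -(-isakmp_len // mss)


def build_ipv4(src, dst, ip_id, flags, frag_off_units, proto, payload):
    """Minimal IPv4 header (no options, checksum left zero) plus payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, IP_HDR + len(payload), ip_id,
                      (flags << 13) | frag_off_units, 64, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload


def build_udp_datagram_fragments(src, dst, sport, dport, data, ip_id, mtu=1500):
    """Split one UDP datagram into IPv4 fragments the way a sending host does."""
    udp = struct.pack("!HHHH", sport, dport, UDP_HDR + len(data), 0) + data
    per_frag = (mtu - IP_HDR) // 8 * 8
    frags = []
    for off in range(0, len(udp), per_frag):
        chunk = udp[off:off + per_frag]
        more = 1 if off + per_frag < len(udp) else 0
        frags.append(build_ipv4(src, dst, ip_id, more, off // 8, IP_PROTO_UDP, chunk))
    return frags


def parse_ipv4(pkt):
    (ver_ihl, _, total_len, ip_id, flags_frag,
     _, proto, _, src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:IP_HDR])
    ihl = (ver_ihl & 0x0F) * 4
    return {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "ip_id": ip_id, "proto": proto, "mf": bool(flags_frag & MF_FLAG),
            "frag_off": (flags_frag & FRAG_OFF_MASK) * 8,
            "payload": pkt[ihl:total_len]}


def find_fragmented_isakmp(packets):
    """Group IP fragments by (src, dst, ip_id) and keep the groups whose first
    fragment is UDP to or from an ISAKMP port.  Non-initial fragments carry no
    UDP header, which is exactly why port-based middleboxes mishandle them."""
    groups = {}
    for raw in packets:
        p = parse_ipv4(raw)
        if p["proto"] != IP_PROTO_UDP or not (p["mf"] or p["frag_off"]):
            continue                                    # not UDP, or not fragmented
        key = (p["src"], p["dst"], p["ip_id"])
        g = groups.setdefault(key, {"ports": None, "fragments": 0, "bytes": 0})
        g["fragments"] += 1
        g["bytes"] += len(p["payload"])
        if p["frag_off"] == 0:                          # only this one has UDP ports
            g["ports"] = struct.unpack("!HH", p["payload"][:4])
    return {k: v for k, v in groups.items()
            if v["ports"] and set(v["ports"]) & ISAKMP_PORTS}


def sample_packets():
    """Constructed traffic (not the poster's capture): one cert-auth IKE message
    with a two-certificate chain, one PSK-sized IKE message, and a DNS query."""
    cert_ike = bytes(ikev1_cert_message_size([1400, 1100]) - IP_HDR - UDP_HDR)
    psk_ike = bytes(ISAKMP_HDR + 200)
    pkts = build_udp_datagram_fragments("10.1.1.5", "203.0.113.1", 500, 500, cert_ike, 0x1A2B)
    pkts += build_udp_datagram_fragments("10.1.1.5", "203.0.113.1", 500, 500, psk_ike, 0x1A2C)
    pkts += build_udp_datagram_fragments("10.1.1.5", "10.1.1.1", 53000, 53, bytes(40), 0x1A2D)
    return pkts


if __name__ == "__main__":
    size = ikev1_cert_message_size([1400, 1100])
    print(f"cert exchange ~{size} bytes: {ip_fragments_needed(size)} IP fragments over UDP, "
          f"{tcp_segments_needed(size)} TCP segments over IKE-over-TCP")
    for key, info in find_fragmented_isakmp(sample_packets()).items():
        print(key, info)
```

Two things the numbers make visible. A PSK exchange stays well under the MTU, while even a modest two-certificate chain pushes the CERT-carrying message to two or more IP fragments, which matches the "works with PSK, fails with certs" pattern. And lowering the ASA's outside-interface MTU only changes where the ASA fragments what it sends (message 6, with the ASA's own certificate); the client's message 5, carrying the client certificate, is fragmented by the client's stack on the hotspot path, so look at fragments in both directions in the capture rather than only at what leaves the ASA.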