Re: IPsec performance just 55% of WAN bandwidth
From: Bjorn Randell (Bjorn_at_AlphaMale.me.uk)
Date: 07/17/03
- Next message: Tony Querciagrossa: "Sonic Wall Problems"
- Previous message: Steve: "CheckPoint FW-1 NG FP3 HFA_315"
- In reply to: Walter Roberson: "Re: IPsec performance just 55% of WAN bandwidth"
- Next in thread: news.qwest.net: "Re: IPsec performance just 55% of WAN bandwidth"
Date: Thu, 17 Jul 2003 21:24:29 +0100
"Walter Roberson" <roberson@ibd.nrc-cnrc.gc.ca> wrote in message
news:bf6qco$2ja$1@canopus.cc.umanitoba.ca...
> In article <KCBRa.426$x32.35155@news.uswest.net>,
> news.qwest.net <rmalayter--NOSPAM@bai.org> wrote:
> :I thought it would be doing that correctly as well, but it seems that the
> :sonicwall side isn't fragmenting packets correctly, even though I have it
> :turned on. It looks like pings with a payload larger than 1418 bytes are
> :getting black-holed.
>
> That doesn't necessarily prove anything. On the Cisco PIX, pings
> of 1000 bytes or more are denied by the IDS subsystem as being a potential
> attack. I do not know why 1000 exactly, and PIX offers no way to
> adjust the boundary.
I think it's likely to be because of a reflection issue, to prevent a large
ICMP packet going back to a forged source address, for example.
--
Regards, Bjorn Randell
Bjorn@AlphaMale.me.uk or ICQ #137732