Firewall Wizards mailing list archives
VPN Issue with Certs and fragmentation
From: "Bell Simon (RBNA/CIT1.12)" <Simon.Bell () us bosch com>
Date: Tue, 11 Sep 2007 13:48:04 -0500
We occasionally have customers call in reporting that they're never prompted for credentials when attempting to connect to the VPN. This happens most often when they're at a hotel/public hotspot. However, if they use a profile based on a preshared key instead of a cert authentication, the connection works w/o issue.

I've captured traffic off a failed user and it looks like during a cert auth IPSec tunnel there's a fair amount of packet fragmentation. I'm guessing then that a router in-between is probably just dropping those packets, causing phase1 to fail.

Has anyone else seen something similar to this? I'm thinking of dropping the MTU on either our public interface or on the client directly.

Any other suggestions or shared experiences would be great,

Simon
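One way to test the fragmentation hypothesis in the post is to compare captures taken at the client and at the VPN gateway and see which IKE fragments never arrive. The following is an added example, not part of the original message; it assumes raw IPv4 packets with link-layer headers stripped, and all packets, addresses and sizes are constructed.

```python
import struct
from collections import defaultdict

IKE_PORTS = {500, 4500}  # IKE and IKE NAT-T

def parse_ipv4(pkt):
    """Pull out the IPv4 fields needed to track fragments."""
    ihl = (pkt[0] & 0x0F) * 4
    total_len, ident, flags_frag = struct.unpack("!HHH", pkt[2:8])
    return {"key": (pkt[12:16], pkt[16:20], pkt[9], ident),  # src, dst, proto, IP ID
            "mf": bool(flags_frag & 0x2000),                 # More Fragments flag
            "offset": (flags_frag & 0x1FFF) * 8,             # fragment offset in bytes
            "payload": pkt[ihl:total_len]}

def fragmented_ike(packets):
    """List fragmented UDP datagrams on IKE ports and whether every fragment was captured."""
    groups = defaultdict(list)
    for p in map(parse_ipv4, packets):
        if p["key"][2] == 17 and (p["mf"] or p["offset"]):
            groups[p["key"]].append(p)
    report = []
    for frags in groups.values():
        frags.sort(key=lambda f: f["offset"])
        ports = None  # unknown when the first fragment (with the UDP header) is missing
        if frags[0]["offset"] == 0 and len(frags[0]["payload"]) >= 8:
            ports = struct.unpack("!HH", frags[0]["payload"][:4])
            if not IKE_PORTS & set(ports):
                continue
        end, contiguous = 0, True
        for f in frags:
            contiguous &= f["offset"] == end
            end = f["offset"] + len(f["payload"])
        report.append({"ports": ports, "fragments": len(frags), "bytes": end,
                       "complete": contiguous and not frags[-1]["mf"]})
    return report

def build(ident, mf, offset, payload, src=b"\xc0\x00\x02\x0a", dst=b"\xc6\x33\x64\x01"):
    """Constructed IPv4/UDP test packet; header checksum is left at 0."""
    flags_frag = (0x2000 if mf else 0) | (offset // 8)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident,
                       flags_frag, 64, 17, 0, src, dst) + payload

# Constructed sample: one 2000-byte UDP/500 datagram split at 1480 bytes, plus a small one.
big = struct.pack("!HHHH", 500, 500, 2000, 0) + bytes(1992)
small = struct.pack("!HHHH", 500, 500, 308, 0) + bytes(300)
CLIENT_CAPTURE = [build(7, True, 0, big[:1480]), build(7, False, 1480, big[1480:]),
                  build(8, False, 0, small)]
GATEWAY_CAPTURE = [CLIENT_CAPTURE[0], CLIENT_CAPTURE[2]]  # second fragment never arrived

if __name__ == "__main__":
    for name, cap in (("client", CLIENT_CAPTURE), ("gateway", GATEWAY_CAPTURE)):
        print(name, fragmented_ike(cap))
```

A datagram reported as complete on the client side but incomplete on the gateway side points to fragments being dropped in the path.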