Firewall Wizards mailing list archives

Re: VPN Issue with Certs and fragmentation


From: "Bell Simon (RBNA/CIT1.12)" <Simon.Bell () us bosch com>
Date: Wed, 12 Sep 2007 13:53:49 -0500

Robby,
 
Thanks for the reply. We're using the Cisco software and using Cisco
5520ASAs to terminate the VPN. I've tried configuring the vpn profile to
use TCP over port 10000 and that too fails. I'm going to try lowering
the MTU on the public interface of an ASA to see if that helps.
 
Thanks,
 
simon

________________________________

From: firewall-wizards-bounces () listserv cybertrust com
[mailto:firewall-wizards-bounces () listserv cybertrust com] On Behalf Of
Robby Cauwerts
Sent: Wednesday, September 12, 2007 3:06 AM
To: Firewall Wizards Security Mailing List
Subject: Re: [fw-wiz] VPN Issue with Certs and fragmentation


On 9/11/07, Bell Simon (RBNA/CIT1.12) <Simon.Bell () us bosch com> wrote:

        We occasionally have customers call in reporting that they're never
        prompted for credentials when attempting to connect to the VPN. This
        happens most often when they're at a hotel/public hotspot. However, if
        they use a profile based on a preshared key instead of a cert
        authentication, the connection works w/o issue. I've captured traffic
        off a failed user and it looks like during a cert auth IPSec tunnel
        there's a fair amount of packet fragmentation.



The fragmentation can be solved by using IKE over TCP.
What type of VPN (vendor) are you using?

Br.
Robby
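
The fragmentation discussed in this thread (large IKE messages once certificates are exchanged, with the later IP fragments carrying no UDP port numbers for a hotspot's filter to match) can be checked directly in a capture. The script below is an added example, not code from the list or from Cisco: it builds its own constructed IPv4/UDP packets in `sample_capture()`, the client and headend addresses, IP IDs, ports and payload sizes are assumptions, and `fragment_count()` shows how the fragment count changes with the interface MTU that Simon plans to lower.

```python
"""Spot IP-fragmented IKE datagrams (UDP/500, UDP/4500) in raw IPv4 packets.

Added example for this thread, not code from the list or from Cisco.
All packets are constructed in sample_capture(); nothing here comes from
a real network.
"""
import math
import struct
from collections import defaultdict

IKE_PORTS = {500, 4500}      # ISAKMP and NAT-T, the UDP ports IKE uses
IPPROTO_UDP = 17


def fragment_count(udp_payload_len, mtu=1500):
    """Number of IPv4 fragments a UDP datagram of this payload size needs
    when sent out of an interface with the given MTU (20-byte IP header,
    8-byte UDP header, fragment data rounded down to a multiple of 8)."""
    per_fragment = (mtu - 20) // 8 * 8
    return math.ceil((8 + udp_payload_len) / per_fragment)


def build_ipv4_udp(src, dst, ident, sport, dport, payload, mtu=1500):
    """Constructed test data: one UDP datagram, split into IPv4 fragments
    the way a sending host splits a datagram larger than the MTU."""
    udp = struct.pack('!HHHH', sport, dport, 8 + len(payload), 0) + payload
    per_fragment = (mtu - 20) // 8 * 8
    frags = []
    for off in range(0, len(udp), per_fragment):
        chunk = udp[off:off + per_fragment]
        more = off + per_fragment < len(udp)
        flags_frag = (0x2000 if more else 0) | (off // 8)   # MF flag | offset/8
        hdr = struct.pack('!BBHHHBBH4s4s', 0x45, 0, 20 + len(chunk), ident,
                          flags_frag, 64, IPPROTO_UDP, 0,
                          bytes(int(o) for o in src.split('.')),
                          bytes(int(o) for o in dst.split('.')))
        frags.append(hdr + chunk)
    return frags


def parse_ipv4(pkt):
    """Decode the fixed IPv4 header fields that matter for fragment tracking."""
    ver_ihl, _tos, total_len, ident, flags_frag, _ttl, proto, _csum, src, dst = \
        struct.unpack('!BBHHHBBH4s4s', pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    return {
        'src': '.'.join(str(b) for b in src),
        'dst': '.'.join(str(b) for b in dst),
        'ident': ident,
        'proto': proto,
        'mf': bool(flags_frag & 0x2000),          # More Fragments flag
        'offset': (flags_frag & 0x1FFF) * 8,     # fragment offset in bytes
        'payload': pkt[ihl:total_len],
    }


def find_fragmented_udp(packets):
    """Group packets by (src, dst, IP ID) and report every UDP datagram that
    arrived in fragments. 'ike' is True/False when the first fragment (the
    only one carrying UDP ports) was seen and None when it was not; a
    stateless filter in the path faces the same problem with the later
    fragments, which carry no port numbers to match on."""
    groups = defaultdict(lambda: {'fragments': 0, 'ports': None, 'fragmented': False})
    for raw in packets:
        p = parse_ipv4(raw)
        if p['proto'] != IPPROTO_UDP:
            continue
        g = groups[(p['src'], p['dst'], p['ident'])]
        g['fragments'] += 1
        if p['mf'] or p['offset']:
            g['fragmented'] = True
        if p['offset'] == 0 and len(p['payload']) >= 4:
            g['ports'] = struct.unpack('!HH', p['payload'][:4])
    report = []
    for (src, dst, ident), g in sorted(groups.items()):
        if not g['fragmented']:
            continue
        ports = g['ports']
        ike = None if ports is None else bool(IKE_PORTS & set(ports))
        report.append({'src': src, 'dst': dst, 'ident': ident,
                       'fragments': g['fragments'], 'ports': ports, 'ike': ike})
    return report


def sample_capture():
    """Constructed traffic from a client behind a hotspot to a VPN headend:
    a small IKE message (PSK-sized), a large IKE message carrying a
    certificate chain, and an unrelated DNS query. Addresses are assumed."""
    client, headend = '10.0.0.5', '203.0.113.10'
    return (build_ipv4_udp(client, headend, 1, 500, 500, b'\x00' * 300)
            + build_ipv4_udp(client, headend, 2, 500, 500, b'\x00' * 3200)
            + build_ipv4_udp(client, '10.0.0.1', 3, 53000, 53, b'\x00' * 60))


if __name__ == '__main__':
    for r in find_fragmented_udp(sample_capture()):
        print(r)
    print('fragments for a 3200-byte IKE payload at MTU 1500:', fragment_count(3200))
```

Run as-is, the report lists only the certificate-sized IKE message, split into three fragments. Feed it the same packets with the first fragment missing and the entry comes back with `ike` set to None: the remaining fragments cannot be tied to port 500 at all, which is the situation a port-based filter at a hotspot is in when it drops them. Moving IKE to TCP, as Robby suggests, avoids the IP-level split; changing the MTU only changes how many fragments `fragment_count()` reports.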




_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards