Firewall Wizards mailing list archives
Re: VPN Issue with Certs and fragmentation
From: "Bell Simon (RBNA/CIT1.12)" <Simon.Bell () us bosch com>
Date: Wed, 12 Sep 2007 13:53:49 -0500
Robby,

Thanks for the reply. We're using the Cisco software and using Cisco 5520 ASAs to terminate the VPN. I've tried configuring the vpn profile to use TCP over port 10000 and that too fails. I'm going to try lowering the MTU on the public interface of an ASA to see if that helps.

Thanks,
simon

________________________________
From: firewall-wizards-bounces () listserv cybertrust com [mailto:firewall-wizards-bounces () listserv cybertrust com] On Behalf Of Robby Cauwerts
Sent: Wednesday, September 12, 2007 3:06 AM
To: Firewall Wizards Security Mailing List
Subject: Re: [fw-wiz] VPN Issue with Certs and fragmentation

On 9/11/07, Bell Simon (RBNA/CIT1.12) <Simon.Bell () us bosch com> wrote:

We occasionally have customers call in reporting that they're never prompted for credentials when attempting to connect to the VPN. This happens most often when they're at a hotel/public hotspot. However, if they use a profile based on a preshared key instead of a cert authentication, the connection works w/o issue. I've captured traffic off a failed user and it looks like during a cert auth IPSec tunnel there's a fair amount of packet fragmentation.

The fragmentation can be solved by using IKE over tcp. What type of vpn (vendor) are you using?

Br.
Robby
_______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
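
A way to confirm from a capture what the thread describes, fragmented IKE datagrams with a fragment that never arrives (an added example, not code from any poster in this thread). It assumes raw IPv4 packets with the link-layer header already stripped; the addresses, payload sizes and the 576-byte MTU are constructed sample values, and `make_fragments` and `fragmented_ike` are hypothetical helper names.

```python
import socket
import struct
from collections import defaultdict

IKE_PORTS = {500, 4500}   # IKE and IKE NAT-T over UDP
IP_HDR = "!BBHHHBBH4s4s"  # fixed 20-byte IPv4 header

def make_fragments(src, dst, ident, sport, dport, data, mtu=576):
    """Constructed sample input: one UDP datagram split into IPv4 fragments."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data
    step = (mtu - 20) // 8 * 8  # fragment payloads are multiples of 8 bytes
    out = []
    for off in range(0, len(udp), step):
        chunk = udp[off:off + step]
        more = 0x2000 if off + step < len(udp) else 0  # MF flag
        out.append(struct.pack(IP_HDR, 0x45, 0, 20 + len(chunk), ident,
                               more | off // 8, 64, 17, 0,
                               socket.inet_aton(src), socket.inet_aton(dst)) + chunk)
    return out

def fragmented_ike(packets):
    """Map (src, dst, ip_id) -> reassembled UDP size, or None if a fragment is missing."""
    groups = defaultdict(list)
    for pkt in packets:
        vihl, _, total, ident, flags_off, _, proto, _, src, dst = struct.unpack(IP_HDR, pkt[:20])
        more, offset = bool(flags_off & 0x2000), (flags_off & 0x1FFF) * 8
        if proto == 17 and (more or offset):  # UDP fragments only
            payload = pkt[(vihl & 0x0F) * 4:total]
            groups[(socket.inet_ntoa(src), socket.inet_ntoa(dst), ident)].append((offset, more, payload))
    report = {}
    for key, frags in groups.items():
        frags.sort(key=lambda f: f[0])
        # Only the first fragment carries the UDP header with the port numbers.
        if frags[0][0] != 0 or len(frags[0][2]) < 8:
            continue
        sport, dport = struct.unpack("!HH", frags[0][2][:4])
        if not {sport, dport} & IKE_PORTS:
            continue
        expected = 0
        for offset, _, payload in frags:
            if offset != expected:
                break
            expected += len(payload)
        else:
            if not frags[-1][1]:  # last fragment seen has MF clear: complete
                report[key] = expected
                continue
        report[key] = None  # gap or missing tail: a fragment was dropped
    return report
```

Running it on captures taken on both sides of the hotspot shows whether the datagram leaves the client whole and arrives at the ASA with a fragment missing.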