If you have a NAT device you typically need to allow UDP encapsulation. This has to be configured in your remote access properties as well as in the client. The MTU problem seems to have been fixed if you are using NG-AI with the latest client - it has a much improved solution for MTU detection that actually seems to work. In the past you had to potentially drop your MTU quite a bit. If you don't have NG-AI then you need to do the ping test with the do not fragment bit set to determine the max MTU that can be supported between the client and the firewall host. In my experience, we often had to go much lower than 1492. I used to run with 1200 which worked well. You could usually make it into the low 1400s if you weren't on AOL. Make sure these folks aren't running the windows firewall. I suppose if nothing else works you can also switch to "visitor" mode, but that is less efficient and you shouldn't have to do it.
-- Jon Allingham Director, IVT Leapstone Systems -----Original Message----- From: Hadmut Danisch [mailto:[EMAIL PROTECTED] Sent: Friday, November 14, 2003 4:45 AM To: [EMAIL PROTECTED] Subject: [FW-1] SecureClient vs. ADSL Hi, several customers complained that SecureClient is not working from private networks (i.e. at home) if the network is connected through a DSL router. In fact, I also found a Secure Client to be hanging if trying to do a first time login. My first guess was the usual MTU problem of DSL, but reducing MTU to 1492 on the firewall didn't help, so I'll have to do further debugging. Did anyone face (or solve) this problem too? regards Hadmut ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
