On Fri, Nov 14, 2003 at 08:28:05AM -0500, Jon Allingham wrote: > If you have a NAT device you typically need to allow UDP encapsulation. > This has to be configured in your remote access properties as well as in > the client. The MTU problem seems to have been fixed if you are using > NG-AI with the latest client - it has a much improved solution for MTU > detection that actually seems to work. In the past you had to > potentially drop your MTU quite a bit. If you don't have NG-AI then you > need to do the ping test with the do not fragment bit set to determine > the max MTU that can be supported between the client and the firewall > host. In my experience, we often had to go much lower than 1492. I used > to run with 1200 which worked well. You could usually make it into the > low 1400s if you weren't on AOL.
Good Hints, thanks. I'll try that one. > Make sure these folks aren't running the windows firewall. That's another problem, it doesn't work with XP and XP Firewall, but I didn't check this so far. Any idea what's the problem with the windows firewall? regards Hadmut ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
