MTU size should not be an issue with AI as long as you use an NG AI version of SecuRemote. AI is supposed to negotiate and set the MTU dynamically as opposed to FP3.
It sounds like you are actually experiencing the problems posed by home firewalls that use NAT, which is what UDP Encapsulation and IKE over TCP fix. We force it for everyone, but we have SecureClient and can do that with the packaging tool so they can't mess withthe settings.
Ray Pesek, CISSP
From: [EMAIL PROTECTED] Reply-To: Mailing list for discussion of Firewall-1 <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: [FW-1] SecuRemote problems after migrating 4.1 users to NG-AI Date: Wed, 28 Jan 2004 13:49:22 -0700
We have an existing 4.1 SP6 firewall and have been migrating users over to a new NG-AI firewall. We are experiencing numerous problems with MTU size, and having to configure clients to use UDP encapsulation and IKE over TCP, in order to get things working. Why would people be able to work with 4.1, but switching them to the new NG-AI client, and pointing them to an NG-AI firewall be problematic. The majority of problem users are DSL or DSL with some kind of home network. I can understand the potential problems, but can't figure out why things worked on 4.1. Thanks for any help.
-Aaron
================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
_________________________________________________________________ Find high-speed �net deals � comparison-shop your local providers here. https://broadband.msn.com
================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
