1) Use dbedit to modify "fw_clamp_tcp_mss" from "false" to "true", 2) change the internal interface MTU from 1500 to 1400, 3) cpstop;cpstart
that will fix your problem. check out sk14995 "Covington, Chris" <[EMAIL PROTECTED]> wrote: All, There's a Microsoft security update which causes MTU discovery to fail: http://support.microsoft.com/default.aspx?scid=898060 We have several site-to-site IPSec VPNs with Cisco firewall IOS routers. On their end we can workaround this by adjusting the MSS on the router's inside interface instead of setting the MTU to 1436 on each PC: ip tcp adjust-mss 1396 Is there an equivalent for this on Secureplatform R55 HFA-13? I would like not to have to change each PC's MTU setting behind SPLAT to access patched machines over the VPN. thanks --- Chris Covington IT Plus One Health Management 75 Maiden Lane Suite 801 NY, NY 10038 646-312-6269 http://www.plusoneactive.com ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= --------------------------------- Do you Yahoo!? Yahoo! Small Business - Try our new resources site! ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
