From what you describe, it sounds like SmartDefense is dropping your packet
(a ping from the LAN with a packet size larger than 576 to the inside interface
of the FW fails).
You need to increase the ICMP packet size allowed in SmartDefense.
 
As far as performance on the VPN tunnel, you may want to change the parameter
"ipsec_dont_fragment" from "false" to "true".  That will increase the
performance in your VPN tunnel.
 
Enjoy.
cisco4ng

rba <[EMAIL PROTECTED]> wrote:
Howdy'

That should have read fragmentation.

the setup is as follows

Lan <---> FW <--->Cisco Router <---> ISP router 

A ping from the LAN with a packet size larger than 576 to the inside
interface of the FW fails. The same happens for a ping from the Cisco
router or outside for that matter with packet size larger than 576 bytes.

This is affecting the performance of my VPN tunnels.

Any leads on how to get the throughput higher than 576 bytes?

regards



On Wednesday 14 September 2005 5:08 pm, Jean-Francois Gobin wrote:
> And what's the question ?
>
> "Defragmenting packets larger than 576bytes", you mean "fragmenting" ?
>
> Are you sure that the Nokia is concerned? Isn't that the client or the
> server? Don't forget that a link in-between may request fragmentation,
> the Nagle algorithm is then there to ensure that both the client and the
> server will use packets smaller than the smallest MTU discovered along the
> path.
>
> Regards,
> jF
>
> On Wed, 14 Sep 2005, rba wrote:
> > Hello's
> >
> > I have a Nokia IP260 which is defragmenting packets larger than 576 bytes
> > The unit is running IPSO 3.8 build 584 + Check Point VPN-1(TM) &
> > FireWall-1 (R) NG with Application Intelligence (R55)
> >
> >
> > The physical interfaces of the unit are all configured with an mtu of
> > 1500 bytes and the transit network interfaces have standard mtu's of
> > 1500 bytes
> >
> > eth2c0: lname eth2c0
> > flags=e7
> > inet mtu 1500 192.168.0.1/20 broadcast 192.168.15.255
> > phys eth2 flags=4133
> > ether 0:a0:8e:99:b1:44 speed 100M full duplex
> >
> >
> > eth1c0: lname eth1c0
> > flags=e7
> > inet mtu 1500 10.0.0.254/24 broadcast 10.0.0.255
> > phys eth1 flags=4133
> > ether 0:a0:8e:99:b1:43 speed 100M full duplex
> >
> >
> > What could be amiss?
> >
> > cheers
> >
> > =================================================
> > To set vacation, Out-Of-Office, or away messages,
> > send an email to [EMAIL PROTECTED]
> > in the BODY of the email add:
> > set fw-1-mailinglist nomail
> > =================================================
> > To unsubscribe from this mailing list,
> > please see the instructions at
> > http://www.checkpoint.com/services/mailing.html
> > =================================================
> > If you have any questions on how to change your
> > subscription options, email
> > [EMAIL PROTECTED]
> > =================================================
>
> ----------
> Jean-Francois Gobin - Administrateur gobinjf.be
> http://www.gobinjf.be mailto:[EMAIL PROTECTED]
>


                