Thomas, What are the ping times like when pinging from the Linux box? Remember that Windoze ping isn't very clever and will show any ping packet that isn't returned within 1 second as a timeout even if the ping packet is later received. Have you trying increasing the timeout from the Windoze machine with ping -w <big number>?
Regards, Dale At 17:01 23/05/2002 -0400, you wrote: >I've had this issue as well.. I have not been able to solve this problem. >I've done tcpdumps and captures to no end. I've replaced interfaces, etc. >At the time, the machine was running 4.1 SP2 IPSO 3.2.1. If anyone does >solve this, I'd very much appreciate any info you could forward. This has >not affected anything other than the ability to ping the remote host. > >TIA, >Alex > >-----Original Message----- >From: Mehta, Phoram [mailto:[EMAIL PROTECTED]] >Sent: Thursday, May 23, 2002 2:58 PM >To: [EMAIL PROTECTED] >Subject: Re: [FW-1] VPN + Ping - Timeout on Winodws > > >you are correct russell. >the part that is weird here is, "we frequently get dropped >packets()timeout) in-between" I don't know why would firewall allow some >packets and block some. it should be something else. do you use NAT? > >PKM > >-----Original Message----- >From: Russell Washington [mailto:[EMAIL PROTECTED]] >Sent: Thursday, May 23, 2002 11:50 AM >To: [EMAIL PROTECTED] >Subject: Re: [FW-1] VPN + Ping - Timeout on Winodws > > >I don't have any solid ideas, but pings from a Windows box are ICMP, while I >believe that pings from a Linux/Unix box are UDP... correct me if I'm wrong >on the Linux/Unix part guys. Of course, that doesn't explain the vanishing >ICMP directly, but it may give you a place to look. > >-----Original Message----- >From: Thomas Nilsen [mailto:[EMAIL PROTECTED]] >Sent: Thursday, May 23, 2002 2:38 AM >To: [EMAIL PROTECTED] >Subject: [FW-1] VPN + Ping - Timeout on Winodws > > >We're running a VPN between a NG FP1 and 4.1 SP3, as well as NG FP1 to NG >FP1. > >When doing pings to a NAT host on the 4.1 side from a Windows based >PC/server, we frequently get dropped packets()timeout) in-between. However, >doing the same from a Linux/unix hosts at the same time all the ping packets >will go through. Changing the packet size makes no difference. > >We also have this issue with NG to NG, but it is less frequently here. > >The main NG installation is based on W2K, while all others are run on nokia >IP 110/330. > >I've enabled the MTUBlackhole detect on the Windows PCs, but it does not >help on this problem. > >Anyone got any good ideas as to why this is and how to fix it? > >Regards, >Thomas ================================================= To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
