Hi,
The tunnel has been setup using Checkpoint's VPN1 and it does not seem
to have this option.
I'm still waiting for access to the nokia support pages. Does anyone
know the syntax for the 'ipsctl' command to increase the mtu?
Ken
Jason Costomiris wrote:
>
> On Tue, Mar 27, 2001 at 10:50:11AM +1000, Ken Blinco wrote:
> :
> : Thanks for that. We need to increase the mtu as there are large packets
> : being sent through a vpn which have the do-not-fragment bit set. If you
> : think 1600 is too large, what would you recommend? (i guess it depends
> : on the packet size).
>
> I would recommend you configure your VPN to not copy the "DF" bit from the
> clear packet to the encapsulated/encrypted packet. I know that at least
> the Nokia vpn appliances (the stuff that came from Network Alchemy) support
> this, and I imagine others would as well, since it is a useful feature.
>
> Properly implemented, a packet with DF set would get encapsulated, and
> *that* packet would get frag'd, and re-assembled at the other end of the
> VPN..
>
> --
> Jason Costomiris <>< | Technologist, geek, human.
> jcostom {at} jasons {dot} org | http://www.jasons.org/
> Quidquid latine dictum sit, altum viditur.
> My account, My opinions.
>
> ================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ================================================================================
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
