11-21-2007 11:40 AM - edited 02-21-2020 01:48 AM
Hi All,
We need your assistance.
Issue: VPN pkts get dropped.
1) A Site-to-Site VPN is established b/w Checkpoint & Cisco PIX.
2) Often the connectivity flaps, i.e. the pkts get dropped.
Error:
Pix: Duplicate pkt on Phase 2
Checkpoint: Virtual defragmentation error: Timeout
When checked in Google, the solution is 'caused due to jumbo packets traversing through the tunnel' and we need to change the MTU size.
We have S-2-S tunnels with multiple customers and have an issue with only one customer, and he is asking to change the MTU size. To my knowledge we can only change the MTU for an interface and not for a tunnel.
Kindly advise me on this.
Regards,
Thebull.
11-27-2007 02:43 PM
You can change the MTU for a tunnel. Each tunnel has a virtual interface associated with it. You can go to the virtual interface config and specify the required MTU size.
11-28-2007 09:53 AM
You do not need to change anything. What is the Checkpoint version? Is it NG, NG with AI or NGx? Make sure you use the latest HotFix Accumulator (HFA) on the Checkpoint side. When in doubt, run "fw ver" and it will tell you the current version on the firewall.
Try to upgrade to the latest HFA first. If you still have issues, then the next thing to do is to use dbedit to modify some parameters on the Checkpoint firewall.