Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
471
Views
0
Helpful
2
Replies

Cisco PIX compactability with Checkpoint

tkstkstks
Level 1
Level 1

‎11-21-2007 11:40 AM - edited ‎02-21-2020 01:48 AM

Hi All,

We need your assistance

Issue: VPN Pkts get dropped.

1) A Site-to-Site VPN is established b/w Checkpoint & Cisco PIX.

2) Often the connectvitiy Flaps, i.e. the pkst get dropped.

Error:

Pix: Duplicate pkt on Phase 2

Checkpoint: Virtual defragmentation error: Timeout

When checked in Google, the solution is 'caused to due to jumbo packets traversing thru the tunnel' and need to change the MTU size.

We have S-2-S tunnels with multiple customers and have issue with only one customer and he is asking to change the MTU Size. To my knowledge we can only change MTU for an interface and not for tunnel.

Kindly advice me on this.

Regards,

Thebull.

0 Helpful
2 Replies 2

tstanik
Level 5
Level 5

‎11-27-2007 02:43 PM

You can change the MTU for a tunnel. Each tunnel has a virtual interface associated with it. You can go to the virtual interface config and specify the required MTU size.

0 Helpful

kevin.jones1
Level 1
Level 1
In response to tstanik

‎11-28-2007 09:53 AM

You do not need to change anything. What

is the checkpoint version? Is it NG, NG with

AI or NGx? Make sure you use the latest

HotFix Accumulator (HFA) on the checkpoint side.

When in doubt, run "fw ver" and it will tell

the current version on the firewall.

Try to upgrade to the latest HFA first.

if you still has issues, then the next

thing to do is to use dbedit to modify some

parameters on the checkpoint firewall.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card