We have a vendor who uses a Netscreen firewall and for security purposes needs to have the "Block Fragment Traffic" option enabled. Yet that option is blocking our IPsec over UDP traffic from our ASA5550. I've tried all the possible pre-fragmentation options and our interface MTU is set to 1500.
Strange thing is that we have existing 3k's they can connect to fine through this Netscreen. It's only the new ASA that they cannot connect to. They turned off the Block Fragment Traffic option as a test and were able to log in to the ASA without a problem.
Has anyone encountered this issue, or does anyone know of a workaround? Thanks in advance.