A group of Citrix Clients connect to a Citrix Metaframe Server. The port numbers involved are Citrix Metaframe (TCP/UDP 1494) and MS Terminal Server (TCP/UDP 1604).
The network is configured such that the communication between the Citrix clients and server goes through a GRE tunnel. Traceroutes from client to server, and vice versa, confirm that it passes thru the GRE tunnel. There's no ACL, firewalls or NAT devices along the IP path, in both directions.
The issue is, all Citrix clients can ping to the server but some fail to log on to the server; some have no problem. Also, other applications, e.g. PCAnywhere, can go through. If the GRE tunnel is taken away, all Citrix clients can log on to the Citrix server.
What could be the problem? It seems like the GRE tunnel might cause the problem. Do I need to adjust the TCP MSS or IP MTU on the tunnel interfaces?