Cisco Support Community
New Member

Cisco PIX compatibility with Checkpoint

Hi All,

We need your assistance

Issue: VPN Pkts get dropped.

1) A Site-to-Site VPN is established b/w Checkpoint & Cisco PIX.

2) Often the connectivity flaps, i.e. the pkts get dropped.

Error:

Pix: Duplicate pkt on Phase 2

Checkpoint: Virtual defragmentation error: Timeout

When I checked on Google, the explanation given is 'caused due to jumbo packets traversing through the tunnel', and that we need to change the MTU size.

We have S-2-S tunnels with multiple customers and have an issue with only one customer, and he is asking us to change the MTU size. To my knowledge we can only change the MTU for an interface and not for a tunnel.

Kindly advise me on this.

Regards,

Thebull.

2 REPLIES
Bronze

Re: Cisco PIX compatibility with Checkpoint

You can change the MTU for a tunnel. Each tunnel has a virtual interface associated with it. You can go to the virtual interface config and specify the required MTU size.

New Member

Re: Cisco PIX compatibility with Checkpoint

You do not need to change anything. What is the Checkpoint version? Is it NG, NG with AI or NGx? Make sure you use the latest HotFix Accumulator (HFA) on the Checkpoint side. When in doubt, run "fw ver" and it will tell you the current version on the firewall.

Try to upgrade to the latest HFA first. If you still have issues, then the next thing to do is to use dbedit to modify some parameters on the Checkpoint firewall.
