Cisco Support Community
Community Member

L2TP through PIX v7.0

I have a L2TP VPDN Connection between my ISP and a router at my site. User Dials the ISP and the ISP forwards their connection to my onsite router using L2TP VPN.

We used to run this through a Checkpoint Firewall and had no problems. After taking Checkpoint out and installing a PIX 515E (version 7.0.4) we started experiencing problems.

1. The L2TP VPDN tunnels establish and have connections, but the data transfer is almost non-existent on some connections, but on others it is fine.

Eventually we rolled back to the checkpoint firewall and found that it reported some fragmentation problems for the L2TP traffic to the onsite router. (Although this was being reported - we are not getting problems or slow connections when connecting through the checkpoint firewall).

How does PIX handle fragmented packets?

Can I check for these fragmented packets being dropped to determine if this is the case?

Might it be a PIX OS issue?

Will changing the MTU size on the PIX interfaces make any difference to getting these problems resolved?

Any help/ideas will be appreciated.
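As an added example (not part of any post in this thread), here is a PIX 7.x CLI session showing how to read the per-interface fragment reassembly counters and adjust the reassembly settings; the command names are from the PIX 7.x command set as I know it, while the interface name "outside", the hostname and the counter values are constructed, and lines beginning with "!" are annotations rather than device output.

```text
! Read the virtual-reassembly state for the interface facing the ISP.
pix# show fragment outside
Interface: outside
    Size: 200, Chain: 24, Timeout: 5, Threshold: 133
    Queue: 0, Assembled: 4821, Fail: 316, Overflow: 0
!
! Size    = fragment packets the interface can hold for reassembly (default 200)
! Chain   = maximum fragments per packet before it is dropped (default 24)
! Timeout = seconds to wait for all fragments of a packet (default 5)
! Fail    = reassembly attempts that did not complete (the packet was dropped)
! Overflow = packets discarded because the reassembly database was full
!
! Fail or Overflow climbing while the L2TP sessions stall points at
! reassembly on the firewall rather than at the tunnel itself.
!
! Give the interface more room and a longer wait before giving up:
pix# configure terminal
pix(config)# fragment size 1000 outside
pix(config)# fragment chain 45 outside
pix(config)# fragment timeout 10 outside
pix(config)# exit
!
! Pass traffic, then confirm the failure counters have stopped increasing.
pix# show fragment outside
```

Compare the counters before and after a known slow L2TP session; if Fail and Overflow stay flat while the session still crawls, fragmentation on the PIX is not the cause.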

Community Member

Re: L2TP through PIX v7.0

You can use these commands; maybe they can help you solve this problem. The key word is "inspect pptp".

! adds PPTP inspection to the default inspection class of the global policy
policy-map global_policy
 class inspection_default
  inspect pptp

Community Member

Re: L2TP through PIX v7.0

Will it also assist with L2TP?

On the v6 code this fixup caused other problems w.r.t. PPTP.
