We currently have a Site - Site connection to a law firm. They connect to our Peoplesoft server webpage. After a server upgrade they are intermittently connecting to the web page. After sniffing the connection I see the remote traffic connects fine but the reply back from the server is forcing the VPN3015 to issue ICMP Dest Unreachable (fragmentation) errors to the server. This is then followed by a bunch of TCP retries from the server. I suspect packet size is to big. So do I find a way to decrease the MTU size on the server ? If so what size ? Or find a way to set the fragmentation flag on the server ?
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...