Thank you very much for your reply, and sorry for my replay in late.
Yes, it is a Cisco GRE.
We already have made the your suggestions, but it does not work.
Bye
-----Original Message-----
From: cisco4ng [mailto:cisco4ng AT YAHOO DOT COM]
Sent: mercoledì 27 aprile 2005 12.19
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: Re: [FW-1] mtu value on checkpoint vpn
it can not be done for a single vpn. MTU is an attribute of an interface.
I am assuming
you are doing some kind of GRE routing and encapsulation GRE inside an IPSec
tunnel.
Is this Cisco GRE? The alternative thing to do is to reduce the MTU on the
GRE interface
(cisco will let you do this). That way during the icmp path discovery, you
can be sure
that IPSec will always be less than 1460 therefore, you VPN traffics will
not be fragmented.
Try it and let me know.
cisco4ng
Sena Angelo <angelo.sena AT ATOSORIGIN DOT COM> wrote:
Hi,
I have a problem with the vpn site to site when I use the connection into a
GRE tunnel.
The problem is that if one pc start a vpn connection, if this pc need to
negotiate the MTU value, this is inside the tunnel GRE and cannot be
understood from the other site.
Someone know if is it possible to change the MTU value on the single VPn on
the Checkpoint Firewall-1 firewall? (using some parameter on the policy
rule?).
If I change the MTU value on the single pc, the application works fine, but
I must change the MTU on any pc.
We use a Checkpoint Firewall-1 NG AI R55.
Thanks in advanced.
Ciao
Angelo Sena
Network services
> Atos Origin
Viale Carlo Viola, 76 - 11026 Pont Saint Martin (AO) - Italy
Tel: +39.0125.810.718
Fax: +39.0125.810.340
E-mail: angelo.sena AT atosorigin DOT com
This electronic message contains information from Atos Origin, which may be
privileged and confidential. The information is intended to be use of the
individual(s) or entity named above. If you are not the intended recipient,
be aware that any disclosure, copying, distribution or use of the contents
of this information is prohibited.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
