|
Posted by Simon on November 7, 2006, 11:50 am
If you were Registered and logged in, you could reply and use other advanced thread options Scott Moseman wrote:
> So the reason for the fragmented packets is, potentially, due to the MTU
> size on my PC being larger than the MTU along the path somewhere? I
> will play with that and see what I can break.
>
> Thanks,
> Scott
>
>
> Simon wrote:
>>>
>>> No ideas from anyone? Should I sniff the packets? If I do, is there
>>> even anything I'm going to find out from those packets if I do go
>>> about collecting them? I imagine that it'll only confirm that the
>>> packets are fragmented, and not necessarily showing me how to resolve
>>> it.
>>>
>>> Thanks,
>>> Scott
>>>
>>>
>>> Scott Moseman wrote:
>>> >
>>> > SonicWALL Firmware 5.1.7.0
>>> >
>>> > When I attempt to connect to the VPN, I'm getting the error
>>> > message "Fragmented Packet Dropped" in the device logs. I
>>> > tested this from my client behind a Cisco ASA at the office,
>>> > and a Linksys SOHO device from a neighbor's house. Same error
>>> > message both times.
>>> >
>>> > I *do* have the "Allow Fragmented Packets" option on "Over
>>> > IPSec" checked, which I thought would have been the solution.
>>> > But having that option selected does not appear to make any
>>> > difference.
>>> >
>>> > Any ideas where I go from here?
>>> >
>>> > Thanks,
>>> > Scott
>>> >
>>
>> Tried dropping the mtu size on the PC so that the packets don't get
>> fragmented ?
>> simon
> >
Hi,
how did you get on ? I found in the past that some applications (Lotus
Notes was a common one) would use the largest packet they could, by the
time it's been wrapped up in the security etc it always needed
fragmentation. Might be worth checking that icmp messages are turned on
the vpn router - these should tell the client to reduce the mtu.
simon
|