Checkpoint VPN Application TCP handshake works but actual traffic fails

Posted on 2011-09-03
Last Modified: 2012-05-12
I have a Checkpoint VPN configured on a VSX context created on a gateway cluster.  VPN connections appear to work fine - no problems authenticating or connecting, and tunnel remains up, but any application traffic appears to fail - SSH, RDP, HTTP/HTTPS.  Connectivity is working - when I launch a telnet session via various TCP ports (22, 80, 443, 3389) I get a response, but when I actually try to connect via a browser or whatever, it hangs and never connects.  When I try ping tests using the -f option and specifying larger packet seizes than 252 bytes, the pings fail.  

I've seen a number of links indicating that the MTU size should be changed - either on the firewall or the VPN client, but I can't seem to find any links for how to modify it on VSX (virtual FW context - is it same as linux?) or on the client itself.

Any assistance would be greatly appreciated!
Question by:cdaly26
  • 2

Accepted Solution

cdaly26 earned 0 total points
ID: 37000385
Update:  Problem was related to an NX-OS bug on the Cisco 5548 switch - any time a 10G port was used as a 1G port MTU was screwed up causing disconnects and timeouts.

Author Closing Comment

ID: 37000390
Cisco NX-OS bug - upgraded software on switch.

Featured Post

Flexible connectivity for any environment

The KE6900 series can extend and deploy computers with high definition displays across multiple stations in a variety of applications that suit any environment. Expand computer use to stations across multiple rooms with dynamic access.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Adding VPN user with Cisco RV110W changes IP address 7 52
VPN Access to Network 4 35
Windows Folder Permissions 9 100
What is the VPn crypto table on a Cisco ASA? 2 19
Read about achieving the basic levels of HRIS security in the workplace.
Examines three attack vectors, specifically, the different types of malware used in malicious attacks, web application attacks, and finally, network based attacks.  Concludes by examining the means of securing and protecting critical systems and inf…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question