Solved

Checkpoint VPN Application TCP handshake works but actual traffic fails

Posted on 2011-09-03
2
623 Views
Last Modified: 2012-05-12
I have a Checkpoint VPN configured on a VSX context created on a gateway cluster.  VPN connections appear to work fine - no problems authenticating or connecting, and tunnel remains up, but any application traffic appears to fail - SSH, RDP, HTTP/HTTPS.  Connectivity is working - when I launch a telnet session via various TCP ports (22, 80, 443, 3389) I get a response, but when I actually try to connect via a browser or whatever, it hangs and never connects.  When I try ping tests using the -f option and specifying larger packet seizes than 252 bytes, the pings fail.  

I've seen a number of links indicating that the MTU size should be changed - either on the firewall or the VPN client, but I can't seem to find any links for how to modify it on VSX (virtual FW context - is it same as linux?) or on the client itself.

Any assistance would be greatly appreciated!
0
Comment
Question by:cdaly26
  • 2
2 Comments
 

Accepted Solution

by:
cdaly26 earned 0 total points
ID: 37000385
Update:  Problem was related to an NX-OS bug on the Cisco 5548 switch - any time a 10G port was used as a 1G port MTU was screwed up causing disconnects and timeouts.
0
 

Author Closing Comment

by:cdaly26
ID: 37000390
Cisco NX-OS bug - upgraded software on switch.
0

Featured Post

Complete Microsoft Windows PC® & Mac Backup

Backup and recovery solutions to protect all your PCs & Mac– on-premises or in remote locations. Acronis backs up entire PC or Mac with patented reliable disk imaging technology and you will be able to restore workstations to a new, dissimilar hardware in minutes.

Join & Write a Comment

This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now