Solved

Checkpoint VPN Application TCP handshake works but actual traffic fails

Posted on 2011-09-03
2
629 Views
Last Modified: 2012-05-12
I have a Checkpoint VPN configured on a VSX context created on a gateway cluster.  VPN connections appear to work fine - no problems authenticating or connecting, and tunnel remains up, but any application traffic appears to fail - SSH, RDP, HTTP/HTTPS.  Connectivity is working - when I launch a telnet session via various TCP ports (22, 80, 443, 3389) I get a response, but when I actually try to connect via a browser or whatever, it hangs and never connects.  When I try ping tests using the -f option and specifying larger packet seizes than 252 bytes, the pings fail.  

I've seen a number of links indicating that the MTU size should be changed - either on the firewall or the VPN client, but I can't seem to find any links for how to modify it on VSX (virtual FW context - is it same as linux?) or on the client itself.

Any assistance would be greatly appreciated!
0
Comment
Question by:cdaly26
  • 2
2 Comments
 

Accepted Solution

by:
cdaly26 earned 0 total points
ID: 37000385
Update:  Problem was related to an NX-OS bug on the Cisco 5548 switch - any time a 10G port was used as a 1G port MTU was screwed up causing disconnects and timeouts.
0
 

Author Closing Comment

by:cdaly26
ID: 37000390
Cisco NX-OS bug - upgraded software on switch.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Using in-flight Wi-Fi when you travel? Business travelers beware! In-flight Wi-Fi networks could rip the door right off your digital privacy portal. That’s no joke either, as it might also provide a convenient entrance for bad threat actors.
How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question