
Checkpoint VPN Application TCP handshake works but actual traffic fails

Posted on 2011-09-03
Medium Priority
Last Modified: 2012-05-12
I have a Checkpoint VPN configured on a VSX context created on a gateway cluster.  VPN connections appear to work fine - no problems authenticating or connecting, and tunnel remains up, but any application traffic appears to fail - SSH, RDP, HTTP/HTTPS.  Connectivity is working - when I launch a telnet session via various TCP ports (22, 80, 443, 3389) I get a response, but when I actually try to connect via a browser or whatever, it hangs and never connects.  When I try ping tests using the -f option and specifying larger packet sizes than 252 bytes, the pings fail.  

I've seen a number of links indicating that the MTU size should be changed - either on the firewall or the VPN client, but I can't seem to find any links for how to modify it on VSX (virtual FW context - is it same as linux?) or on the client itself.

Any assistance would be greatly appreciated!
Question by:cdaly26

Accepted Solution

cdaly26 earned 0 total points
ID: 37000385
Update:  Problem was related to an NX-OS bug on the Cisco 5548 switch - any time a 10G port was used as a 1G port, MTU was screwed up, causing disconnects and timeouts.

Author Closing Comment

ID: 37000390
Cisco NX-OS bug - upgraded software on switch.


Question has a verified solution.
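
The ping test with the don't-fragment option described in the question can be automated to find the exact size at which packets stop getting through. The following is an added example, not part of the original thread: the function names are hypothetical, the Linux branch assumes iputils `ping`, and the simulated path is constructed to mirror the 252-byte limit reported in the question.

```python
import platform
import subprocess
import sys

ICMP_IP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP echo header

def ping_df(host, payload):
    """Send one echo request with Don't Fragment set; True if a reply arrived."""
    if platform.system() == "Windows":
        cmd = ["ping", "-n", "1", "-w", "2000", "-f", "-l", str(payload), host]
        out = subprocess.run(cmd, capture_output=True).stdout
        return b"TTL=" in out  # an echo reply line contains "TTL="
    # Linux iputils ping: -M do forbids fragmentation
    cmd = ["ping", "-c", "1", "-W", "2", "-M", "do", "-s", str(payload), host]
    return subprocess.run(cmd, capture_output=True).returncode == 0

def simulated_path(mtu):
    """Constructed stand-in for a path: drops DF packets larger than mtu."""
    return lambda payload: payload + ICMP_IP_OVERHEAD <= mtu

def largest_df_payload(probe, low=0, high=1472):
    """Binary-search the largest payload that probe() accepts.
    Assumes every size below a passing size also passes. None if `low` fails."""
    if not probe(low):
        return None
    while low < high:
        mid = (low + high + 1) // 2
        if probe(mid):
            low = mid
        else:
            high = mid - 1
    return low

def path_mtu(probe, high=1472):
    """Largest passing payload plus IPv4/ICMP headers, or None if none pass."""
    best = largest_df_payload(probe, 0, high)
    return None if best is None else best + ICMP_IP_OVERHEAD

if __name__ == "__main__":
    if len(sys.argv) > 1:   # real probe against the host given as argument
        probe = lambda size: ping_df(sys.argv[1], size)
    else:                   # constructed path: payloads above 252 bytes dropped
        probe = simulated_path(252 + ICMP_IP_OVERHEAD)
    print("largest DF payload:", largest_df_payload(probe))
    print("implied path MTU:  ", path_mtu(probe))
```

Running it hop by hop (client to gateway, gateway to switch-attached hosts) narrows down which device in the path is dropping the larger packets.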
