Go Premium for a chance to win a PS4. Enter to Win


Checkpoint VPN Application TCP handshake works but actual traffic fails

Posted on 2011-09-03
Medium Priority
Last Modified: 2012-05-12
I have a Checkpoint VPN configured on a VSX context created on a gateway cluster.  VPN connections appear to work fine - no problems authenticating or connecting, and tunnel remains up, but any application traffic appears to fail - SSH, RDP, HTTP/HTTPS.  Connectivity is working - when I launch a telnet session via various TCP ports (22, 80, 443, 3389) I get a response, but when I actually try to connect via a browser or whatever, it hangs and never connects.  When I try ping tests using the -f option and specifying larger packet seizes than 252 bytes, the pings fail.  

I've seen a number of links indicating that the MTU size should be changed - either on the firewall or the VPN client, but I can't seem to find any links for how to modify it on VSX (virtual FW context - is it same as linux?) or on the client itself.

Any assistance would be greatly appreciated!
Question by:cdaly26
  • 2

Accepted Solution

cdaly26 earned 0 total points
ID: 37000385
Update:  Problem was related to an NX-OS bug on the Cisco 5548 switch - any time a 10G port was used as a 1G port MTU was screwed up causing disconnects and timeouts.

Author Closing Comment

ID: 37000390
Cisco NX-OS bug - upgraded software on switch.

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
Suggested Courses

927 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question