<div>
Predrag,<br />
<br />
According to the vpn provider, the same setup has worked for thousands of installs. they advised that they are not allowed to change the MTU size on the fortinet. Can the ISPs' incoming router, i imagine it is the device that not allowing the security fragment because i dont have any other devices in front of the fortinet, can't they make an exception entry for our ip?
</div>


<div>
<div class="content wysiwyg-content">
hello we have a third party vpn w/2048bit cert (fortinet 60C) It is directly connected to our cable modem w/static ip. &nbsp;<br />
the vpn is able to send out packets to the other endpoint, broken into 1500bit and 254bit. &nbsp;On the return trip, the third party tech advises us that the larger packet, 1500bit makes it back, however for unknown reasons the 254bit smaller packet gets dropped. <br />
<br />
we can't admin the 60C. it's one of these bank/fed reserve connections. however we know that the 60C is setup at 1500MTU and the modem is also 1500MTU. &nbsp;there is not device between the 60C and the modem, it goes direct to the modem as above. any thoughts as to what would not allow the 254bit packet back? &nbsp;I've been troubleshooting with the ISP and getting nowhere. thinking we'll have to change the circuit?
</div>
</div>


hello we have a third party vpn w/2048bit cert (fortinet 60C) It is directly connected to our cable modem w/static ip.  
the vpn is able to send out packets to the other endpoint, broken into 1500bit and 254bit.  On the return trip, the third party tech advises us that the larger packet, 1500bit makes it back, however for unknown reasons the 254bit smaller packet gets dropped. 

we can't admin the 60C. it's one of these bank/fed reserve connections. however we know that the 60C is setup at 1500MTU and the modem is also 1500MTU.  there is not device between the 60C and the modem, it goes direct to the modem as above. any thoughts as to what would not allow the 254bit packet back?  I've been troubleshooting with the ISP and getting nowhere. thinking we'll have to change the circuit?

troubleshooting incoming fragment being dropped for a vpn tunnel

Internet Protocol Security (IPsec) is a protocol suite for secure Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. IPsec includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session. IPsec can be used in protecting data flows between a pair of hosts (host-to-host), between a pair of security gateways (network-to-network), or between a security gateway and a host (network-to-host). IPsec is an end-to-end security scheme operating in the Internet Layer of the Internet Protocol Suite.

Internet Protocol Security

The term broadband commonly refers to high-speed Internet access that is always on and faster than the traditional dial-up access. Broadband includes several high-speed transmission technologies such as digital subscriber line (DSL), cable, fiber optics, wireless (for which there is a separate topic), satellite and broadband over powerlines (BPL).

Broadband

Security is the protection of information systems from theft or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide. The main goal of security is protecting assets, and an asset is anything of value and worthy of protection.  Information Security is a discipline of protecting information assets from threats through safeguards to achieve the objectives of confidentiality, integrity, and availability or CIA for short. On the other hand, disclosure, alteration, and disruption (DAD) compromise the security objectives.