This is a discussion on Re: [fw-wiz] VPN Issue with Certs and fragmentation - Firewalls
On 9/11/07, Bell Simon (RBNA/CIT1.12) wrote:
>
> We occasionally have customers call in reporting that they're never
> prompted for credentials when attempting to connect to the VPN. This
> happens most often when they're at a hotel/public hotspot. However, if
> they use a profile based on a preshared key instead of a cert
> authentication, the connection works w/o issue. I've captured traffic
> off a failed user and it looks like during a cert auth IPSec tunnel
> there's a fair amount of packet fragmentation.
>
The fragmentation can be solved by using IKE over TCP.
What type of VPN (vendor) are you using?
Br.
Robby
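
To check a capture for the symptom described in the quoted message, the sketch below groups IPv4 fragments by datagram and reports fragmented UDP datagrams on the IKE ports (500 and 4500), flagging those whose fragments did not all arrive. It is an added example, not part of either message; the packets, addresses and function names are constructed for illustration.

```python
import struct
from collections import defaultdict

IKE_PORTS = {500, 4500}  # IKE and IKE NAT-T, both over UDP

def parse_ipv4(pkt):
    """Split a raw IPv4 packet into (datagram key, proto, offset, MF flag, payload)."""
    vihl, _, total, ident, frag, _, proto, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", pkt[:20])
    ihl = (vihl & 0x0F) * 4
    return (src, dst, ident), proto, (frag & 0x1FFF) * 8, bool(frag & 0x2000), pkt[ihl:total]

def fragmented_ike(packets):
    """Report fragmented UDP datagrams on IKE ports and whether every fragment arrived."""
    groups = defaultdict(list)
    for pkt in packets:
        key, proto, off, more, payload = parse_ipv4(pkt)
        if proto == 17 and (more or off):      # UDP, and part of a fragmented datagram
            groups[key].append((off, more, payload))
    report = []
    for key, frags in groups.items():
        frags.sort(key=lambda f: f[0])
        if frags[0][0] != 0 or len(frags[0][2]) < 4:
            continue                           # first fragment missing: ports unknown
        if not set(struct.unpack("!HH", frags[0][2][:4])) & IKE_PORTS:
            continue
        received = sum(len(p) for _, _, p in frags)
        last_off, last_more, last_payload = frags[-1]
        # Complete when the last fragment has MF clear and the received bytes reach
        # its end offset (assumes no duplicate or overlapping fragments).
        complete = (not last_more) and received == last_off + len(last_payload)
        report.append({"ip_id": key[2], "fragments": len(frags),
                       "bytes": received, "complete": complete})
    return report

def build(ident, offset, more, payload, src=b"\xc0\x00\x02\x0a", dst=b"\xc6\x33\x64\x01"):
    """Constructed IPv4/UDP fragment for the sample (checksums left at zero)."""
    frag = (0x2000 if more else 0) | (offset // 8)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload),
                       ident, frag, 64, 17, 0, src, dst) + payload

# Constructed sample: one 2008-byte UDP datagram on port 500 and one small one.
BIG = struct.pack("!HHHH", 500, 500, 2008, 0) + bytes(2000)
SMALL = struct.pack("!HHHH", 500, 500, 108, 0) + bytes(100)
SAMPLE = [
    build(1, 0, True, BIG[:1480]), build(1, 1480, False, BIG[1480:]),  # both arrive
    build(2, 0, True, BIG[:1480]),                                     # second fragment lost
    build(3, 0, False, SMALL),                                         # not fragmented
]
```

Datagrams reported with `complete` set to `False` are the ones to compare against the failed sessions; a datagram whose first fragment is missing is skipped because its ports cannot be read.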
_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailma...rewall-wizards