--===============1409044351==
Content-Type: multipart/alternative;
boundary="----=_Part_21530_28686303.1189580744935"

------=_Part_21530_28686303.1189580744935
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

On 9/11/07, Bell Simon (RBNA/CIT1.12) wrote:
>
> We occasionally have customers call in reporting that they're never
> prompted for credentials when attempting to connect to the VPN. This
> happens most often when they're at a hotel/public hotspot. However, if
> they use a profile based on a preshared key instead of a cert
> authentication, they connection works w/o issue. I've captured traffic
> off a failed user and it looks like during a cert auth IPSec tunnel
> there's a fair amount of packet fragmentation.
>



The fragmentation can be solved by using IKE over tcp.
What type of vpn (vendor) are you using?

Br.
Robby

------=_Part_21530_28686303.1189580744935
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

On 9/11/07, Bell Simon (RBNA/CIT1.12) <Simon.Bell@us.bosch.com> wrote:

We occasionally have customers call in reporting that they're never
prompted for credentials when attempting to connect to the VPN. This
happens most often when they're at a hotel/public hotspot. However, if

they use a profile based on a preshared key instead of a cert
authentication, they connection works w/o issue. I've captured traffic
off a failed user and it looks like during a cert auth IPSec tunnel
there's a fair amount of packet fragmentation.



The fragmentation can be solved by using IKE over tcp.
What type of vpn (vendor) are you using?

Br.
Robby





------=_Part_21530_28686303.1189580744935--

--===============1409044351==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailma...rewall-wizards

--===============1409044351==--