On 2/19/07, Tim Pushor <[EMAIL PROTECTED]> wrote:
Hi all,
I'm getting to the point where I don't really know where to turn. I am
having a weird problem with an OpenBSD server/firewall that has a
permament IPSec tunnel to a checkpoint embedded security device. The
problem is, that half the time large packets can't get through. I've
trial and error'ed (via windows ping -l) that ping packets 1306 bytes
get through all the time, while packets > 1306 (even 1307) only get
through half the time. Not half the time like 50% loss, but like it
works for hours, then doesn't for 10 minutes.
If that Check Point device has SmartDefense enabled, it has rules that
futz with ICMP packets larger than some threshold. See if you have any
of that mojo going on.
DS
