[FW1] Citrix / Firewall-1 VPN incompatibility?
Hello,

I am trying to run Citrix (128-bit encryption) within a Check Point site-site VPN (IKE, 3DES, ESP). I can connect fine to the Citrix box across the internet (without encryption), but when I try to connect to its internal interface via the VPN it dies. The main screen opens, but right before it prompts for authentication it stalls until timeout.

There is an IP filter box en route, passing all traffic. I've noticed this ICMP error message amongst the traffic (IPs deleted):

    qfe0 @0:77 p x.x.x.x -> y.y.y.y.y PR icmp len 20 56 icmp 3/4 for y.y.y.y,1494 - x.x.x.x,2732 PR tcp len 20 1500 K-S IN

ICMP 3, code 4 is dest unreachable w/ IP fragmentation.

Any idea as to what is going on here? Is it possible that the double layers of encrypted traffic are pushing overhead to the point where the original packets are being spread out across too many encrypted packets?

Any thoughts as to resolution? I have checked all support sites that I know of to no avail. (BTW, Citrix also refuses to tunnel within a SecuRemote VPN.)

Thanks in advance.

Frans

----
Frans Lawaetz
Breakaway Solutions
Internet Security Engineer
61 East Cottage St, Norwood, MA 02062
Get there first.
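
Added example, not part of the original post: Python code that parses the IP Filter log line quoted above and tests the overhead hypothesis by computing the ESP tunnel-mode size of the 1500-byte TCP packet named in the ICMP 3/4 error. The ESP parameters (3DES-CBC with an 8-byte IV, a 12-byte HMAC ICV, no UDP encapsulation, a 1500-byte path MTU) and all function names are assumptions, not values from the post or from Check Point.

```python
import re

# The IP Filter log line quoted in the post (addresses masked by the poster).
LOG = ("qfe0 @0:77 p x.x.x.x -> y.y.y.y.y PR icmp len 20 56 icmp 3/4 "
       "for y.y.y.y,1494 - x.x.x.x,2732 PR tcp len 20 1500 K-S IN")

# Assumed reading of the embedded-packet fields: "len <IP header len> <IP total len>".
PAT = re.compile(r"icmp (\d+)/(\d+) for \S+,(\d+) - \S+,(\d+) "
                 r"PR (\w+) len (\d+) (\d+)")

def parse_icmp_error(line):
    """Extract the ICMP type/code and the size of the packet that triggered it."""
    m = PAT.search(line)
    if not m:
        return None
    t, c, sport, dport, proto, hlen, total = m.groups()
    return {"type": int(t), "code": int(c), "sport": int(sport),
            "dport": int(dport), "proto": proto,
            "ip_hdr": int(hlen), "ip_len": int(total)}

def esp_tunnel_size(inner_len, outer_ip=20, esp_hdr=8, iv=8, block=8, icv=12):
    """Outer packet size for one inner IP packet in ESP tunnel mode.

    Assumed parameters: 3DES-CBC (8-byte IV and block), a 96-bit HMAC ICV,
    no IP options and no UDP encapsulation.
    """
    # Trailer = padding + pad-length byte + next-header byte, block aligned.
    padded = -(-(inner_len + 2) // block) * block
    return outer_ip + esp_hdr + iv + padded + icv

def max_inner_len(path_mtu, **kw):
    """Largest inner packet whose ESP encapsulation still fits path_mtu."""
    n = path_mtu
    while n > 0 and esp_tunnel_size(n, **kw) > path_mtu:
        n -= 1
    return n

def diagnose(line, path_mtu=1500):
    """For an ICMP 3/4 log line, report encapsulated size and the sizes that fit."""
    ev = parse_icmp_error(line)
    if ev is None or (ev["type"], ev["code"]) != (3, 4):
        return None
    fit = max_inner_len(path_mtu)
    return {"inner_len": ev["ip_len"],
            "encapsulated": esp_tunnel_size(ev["ip_len"]),
            "max_inner": fit,
            "tcp_mss": fit - ev["ip_hdr"] - 20}  # 20 = TCP header, no options

if __name__ == "__main__":
    print(diagnose(LOG))
```

Under these assumptions the 1500-byte packet grows to 1552 bytes once encapsulated, and the largest inner packet that still fits a 1500-byte path is 1446 bytes (TCP MSS 1406).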