[j-nsp] Netscreen 204Firewall ----- Juniper IPSEC problem

Rubens Kuhl Jr. rkjnsp at ieg.com.br
Mon Jan 27 12:42:36 EST 2003


| I have an IPSEC problem between Netscreen 204 and Juniper router.
|
| It seems the netscreen encapsulated the incoming packet with IPSEC header
| and if the total size of the packet is bigger than the allowed MTU of the
| netscreen interface towards the Juniper router, it will do fragmentation.

It's the right thing to do... M stands for maximum.

| This causes problems with my http traffic.

Fragment drops someplace else cause the problem, not fragmentation itself.

| How should I handle this problem in the Juniper part?

Unless you can increase the MTU, this problem should be handled at the IPSEC
gateway by means such as MSS Clamping.


Rubens Kuhl Jr.
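
An added example, not part of the original post: how the MSS value for the clamping mentioned above can be derived from the interface MTU. It assumes ESP tunnel mode over IPv4 with a CBC cipher and no IP or TCP options; the function names and the 1500-byte MTU are illustrative.

```python
# Added example: sizes assume ESP tunnel mode over IPv4 with a CBC cipher.
OUTER_IP = 20      # new IPv4 header added by tunnel mode (no options)
ESP_HEADER = 8     # SPI (4) + sequence number (4)
ESP_TRAILER = 2    # pad length (1) + next header (1)
INNER_IP_TCP = 40  # inner IPv4 (20) + TCP (20), assuming no options


def outer_size(inner_len, block, iv, icv):
    """Size on the wire of an inner IP packet after ESP tunnel encapsulation."""
    # Payload plus trailer is padded up to a multiple of the cipher block size.
    encrypted = -(-(inner_len + ESP_TRAILER) // block) * block
    return OUTER_IP + ESP_HEADER + iv + encrypted + icv


def max_inner_packet(mtu, block, iv, icv):
    """Largest inner IP packet whose encapsulated form still fits in `mtu`."""
    room = mtu - OUTER_IP - ESP_HEADER - iv - icv
    if room < block:
        raise ValueError("MTU too small for this ESP transform")
    return (room // block) * block - ESP_TRAILER


def clamp_mss(mtu, block, iv, icv):
    """TCP MSS to advertise so full-size segments are never fragmented."""
    return max_inner_packet(mtu, block, iv, icv) - INNER_IP_TCP


# Constructed transforms: (cipher block, IV length, truncated ICV length) in bytes.
TRANSFORMS = {
    "3des-cbc/hmac-sha1-96": (8, 8, 12),
    "aes-cbc/hmac-sha1-96": (16, 16, 12),
}

if __name__ == "__main__":
    mtu = 1500  # constructed value for the gateway's outside interface
    for name, (block, iv, icv) in TRANSFORMS.items():
        full = outer_size(mtu, block, iv, icv)
        mss = clamp_mss(mtu, block, iv, icv)
        print(f"{name}: {mtu}-byte packet -> {full} bytes on the wire, clamp MSS to {mss}")
```

A full-size 1500-byte packet grows past the MTU once encapsulated, which is why the gateway fragments; clamping the MSS keeps the encapsulated segment at or below the MTU.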





