[j-nsp] Netscreen 204Firewall ----- Juniper IPSEC problem
Rubens Kuhl Jr.
rkjnsp at ieg.com.br
Mon Jan 27 12:42:36 EST 2003
| I have an IPSEC problem between Netscreen 204 and Juniper router.
|
| It seems the netscreen encapsulated the incoming packet with IPSEC header
| and if the total size of the packet bigger than allowed MTU of the
netscreen
| interface towards Juniper ruter, it will do fragmentation.
It's the right thing to do... M stands for maximum.
| This cause problem with my http traffic.
Fragment drops someplace else causes the problem, not fragmentation itself.
| How should i handle this problem in juniper part ?
Unless you can increase the MTU, this problem should be handled at the IPSEC
gateway by means such as MSS Clamping.
Rubens Kuhl Jr.
More information about the juniper-nsp
mailing list