[j-nsp] FW: VPN 3005 concentrator 3DES to Juniper M20 [7:70444]
Daniel
telecom at servidor.unam.mx
Mon Jun 16 11:36:31 EDT 2003
AFAIK, there's nothing you can do in Juniper to support fragmentation..
maybe the new AS PIC will have the support.. hopefully.. Cisco's solution
on 12.2.13T is to prefragment.. but you're always gonna have a client who
doesn't want to or can't do that..
-------------
Hi Group
Thanks Lars and Tony for the feedback.
Just a couple of insights:
The tunnel status between both the boxes is up, i.e. the IKE as well as the IPsec
part. In fact, when I established connectivity for the first time between
the two, I was able to telnet and ftp (login only) from a host behind the
Juniper to a host behind the VPN concentrator. Hence, as Lars suggested
below, I do not think it has anything to do with IKE/IPSec negotiation.
Also, there are no firewalls / ACLs defined in between.
The problem definitely has something to do with reassembly of the ESP
when it reaches the Juniper ES-PIC.
Well, it seems like there is a certain software upgrade possible on the Cisco
box; I have to get my hands on that one and test it out first, and am planning
to do so next week.
What I am seeking help from you guys about is whether there is a way of
re-configuring something on the Juniper, or some software patch, that allows
me to configure fragmentation and packet assembly. You see, most of our
customers here are using a Cisco box; I can't keep telling them to upgrade
to a higher IOS or Concentrator software version...... better to try and
change something from my side.
Thanks a ton for listening.
Cheers
Bosco
PS: Hey Tony! This Juniper Installation has been done by EPA itself!! :)
You can check it up with EPAHAHE..He has pointed out certain things for me
to do here and check. Cheer
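
Added worked example, not part of the original thread: the size arithmetic behind the symptom discussed above, showing why small packets such as a telnet or FTP login fit in one ESP packet while full-size packets leave the sender as fragmented ESP that the receiver must reassemble, and what prefragmenting before encryption changes. It assumes IPv4 without options, ESP tunnel mode with 3DES-CBC, a 96-bit HMAC ICV, no NAT-T and a 1500-byte path MTU; all function names are hypothetical.

```python
# Added illustration; sizes assume IPv4 without options, ESP tunnel mode,
# 3DES-CBC (8-byte block and IV), a 96-bit HMAC ICV and no NAT-T.
OUTER_IP, ESP_HDR, IV, BLOCK, ICV, INNER_IP_HDR = 20, 8, 8, 8, 12, 20

def esp_tunnel_size(inner_len):
    """On-the-wire size of the ESP packet carrying one inner IP packet."""
    pad = -(inner_len + 2) % BLOCK   # +2 = pad-length and next-header bytes
    return OUTER_IP + ESP_HDR + IV + inner_len + pad + 2 + ICV

def max_inner_for_mtu(mtu):
    """Largest inner packet whose ESP form still fits in one MTU."""
    room = mtu - OUTER_IP - ESP_HDR - IV - ICV
    return room - room % BLOCK - 2

def prefragment(inner_len, mtu):
    """Split the inner packet before encryption (the sender-side approach)."""
    limit = max_inner_for_mtu(mtu)
    if inner_len <= limit:
        return [inner_len]
    # every fragment but the last carries a multiple of 8 payload bytes
    chunk = (limit - INNER_IP_HDR) // 8 * 8
    payload, frags = inner_len - INNER_IP_HDR, []
    while payload > 0:
        take = min(chunk, payload)
        frags.append(INNER_IP_HDR + take)
        payload -= take
    return frags

def report(mtu=1500, inner_sizes=(60, 1446, 1447, 1500)):
    """Rows of (inner size, ESP size, exceeds MTU?, prefragmented sizes)."""
    rows = []
    for n in inner_sizes:
        wire = esp_tunnel_size(n)
        rows.append((n, wire, wire > mtu, prefragment(n, mtu)))
    return rows

if __name__ == "__main__":
    for n, wire, needs_reassembly, frags in report():
        print(f"inner={n:5d} esp={wire:5d} "
              f"post-encryption fragmentation={needs_reassembly} "
              f"prefragmented inner sizes={frags}")
```

With these assumptions, any inner packet larger than 1446 bytes produces an ESP packet over 1500 bytes, so it is fragmented after encryption unless the sender splits it first.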