[j-nsp] tracing IPSEC on an M20
Bosco Sachanandani
Bosco.Sachanandani at orange.co.in
Tue May 11 08:38:19 EDT 2004
hi All,
We have an IPSec tunnel between our M20 ES-PIC and a Netscreen500 firewall.
The comes up fine but we are having some problem when sending payload with a larger IP MTU of 1500 bytes (TCP MSS 1460) through this tunnel which causes packet fragmentation. Smaller sized payload works great. I am sure that folks at the other end who are using the Netscreen have turned on the TCP MSS option on the firewall.
My question is that is there any PAYLOAD debugging tools available on the Juniper platform? The traceoptions only shows the IPSEC and IKE control messages and not specifics of the data passing through it. Also the 'monitor traffic interface es-1/1/0.15' says listening on the interface but I never see any traffic passing through it even when smaller payload is passing through it (Strange?!?)
I just wanted to know if there are any commands / options in Junos itself without me having to setup a protocol analyser and take traces.
Cheers
Bosco
More information about the juniper-nsp
mailing list