[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: fragmentation

To: ipsec@lists.tislabs.com
Subject: Re: fragmentation
From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
Date: Sat, 15 Dec 2001 15:13:37 -0500
In-reply-to: Your message of "Thu, 13 Dec 2001 17:54:47 +0200." <Pine.LNX.4.10.10112131747340.3261-100000@localhost.localdomain>
Sender: owner-ipsec@lists.tislabs.com

>>>>> "Sami" == Sami Vaarala <sami.vaarala@netseal.com> writes:
    >> This fails if there is ICMP hole between the near gateway and the
    >> originator. This is actually a very common occurance when one has an extruded 
    >> host/subnet (i.e. the default route for the road warrior is through the
    >> tunnel) since the "other side" is the entire Internet.

    Sami> I see I misread this before, you are talking about a different problem
    Sami> than I was.  What I meant originally is to fix the problem that occurs
    Sami> between IPsec endpoints, not between the actual sender and receiver.  

  If you can fix the MTU between the endpoints (taking into account the
tunnel), then you solve the problem with the tunnel.
  I agree that fixing this may be impossible.

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy");  [

References:

Re: fragmentation

From: Sami Vaarala <sami.vaarala@netseal.com>

Prev by Date: Re: fragmentation
Next by Date: draft minutes from second session
Prev by thread: Re: fragmentation
Next by thread: ikev2 questions arising from Radia's presentation
Index(es):
- Main
- Thread