|
Home > Archive > VPN > November 2006 > SonicWall VPN says Fragmented Packet Dropped
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
SonicWall VPN says Fragmented Packet Dropped
|
|
| Scott Moseman 2006-10-31, 7:15 pm |
| SonicWALL Firmware 5.1.7.0
When I attempt to connect to the VPN, I'm getting the error message
"Fragmented Packet Dropped" in the device logs. I tested this from my
client behind a cisco ASA at the office, and a Linksys SOHO device from
a neighbor's house. Same error message both times.
I *do* have the "Allow Fragmented Packets" option on "Over IPSec"
checked, which I thought would have been the solution. But having that
option selected does not appear to make any difference.
Any ideas where I go from here?
Thanks,
Scott
| |
| Scott Moseman 2006-11-03, 1:13 pm |
| No ideas from anyone? Should I sniff the packets? If I do, is there
even anything I'm going to find out from those packets if I do go about
collecting them? I imagine that it'll only confirm that the packets are
fragmented, and not necessarily showing me how to resolve it.
Thanks,
Scott
Scott Moseman wrote:
>
> SonicWALL Firmware 5.1.7.0
>
> When I attempt to connect to the VPN, I'm getting the error
> message "Fragmented Packet Dropped" in the device logs. I
> tested this from my client behind a cisco ASA at the office,
> and a Linksys SOHO device from a neighbor's house. Same error
> message both times.
>
> I *do* have the "Allow Fragmented Packets" option on "Over
> IPSec" checked, which I thought would have been the solution.
> But having that option selected does not appear to make any
> difference.
>
> Any ideas where I go from here?
>
> Thanks,
> Scott
>
| |
|
| Scott Moseman wrote:[vbcol=seagreen]
> No ideas from anyone? Should I sniff the packets? If I do, is there
> even anything I'm going to find out from those packets if I do go about
> collecting them? I imagine that it'll only confirm that the packets are
> fragmented, and not necessarily showing me how to resolve it.
>
> Thanks,
> Scott
>
>
> Scott Moseman wrote:
Tried dropping the mtu size on the PC so that the packets don't get
fragmented ?
simon
| |
| Scott Moseman 2006-11-06, 7:13 pm |
| So the reason for the fragmented packets is, potentially, due to the MTU
size on my PC being larger than the MTU along the path somewhere? I
will play with that and see what I can break.
Thanks,
Scott
Simon wrote:
>
> Tried dropping the mtu size on the PC so that the packets don't get
> fragmented ?
> simon
>
| |
|
| Scott Moseman wrote:[vbcol=seagreen]
> So the reason for the fragmented packets is, potentially, due to the MTU
> size on my PC being larger than the MTU along the path somewhere? I
> will play with that and see what I can break.
>
> Thanks,
> Scott
>
>
> Simon wrote:
Hi,
how did you get on ? I found in the past that some applications (Lotus
Notes was a common one) would use the largest packet they could, by the
time it's been wrapped up in the security etc it always needed
fragmentation. Might be worth checking that icmp messages are turned on
the vpn router - these should tell the client to reduce the mtu.
simon
|
|
|
|
|