
RED connection drops packets larger than 1380 bytes

Hi,

One of our customers has the problem that without RED tunnel comp. it is not possible to do ICMP larger than 1380 bytes.

When I activate compression the ICMP goes through - even with 9000 bytes.

I double-checked everything, also went through rulez by . No clue at all.

I also checked our RED connection to offsite... there, even without compression I can ICMP ping with 9000 bytes.

I am currently thinking that the RED box is damaged. I also tried to switch the PSU of the RED but still no luck.

Did any of you have similar issues?

Please feel free to respond also in German. Danke/Thanks

Greets, thanks for answers in advance,

Chris



  • What does Sophos Support say about this, Chris?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Balfson,

    Thanks for your reply.

    Nothing - atm.

    Just wanted to ask the community first. But if you think it would be better :-/

    I will give it a try. Probably they will tell me to reflash the device.

    Cheers - Chris

  • Any chance someone was playing with MTU settings on the internal or external? Is the DHCP server set to broadcast an MTU size? Are they using any site-to-site VPNs to communicate between subnets?

  • Isn't a RED connection a variety of tunnel? The MTU size that feeds a tunnel needs to be less than the MTU of the tunnel, because the tunnel adds overhead bytes. 1380 bytes sounds about right.

    You can test mtu using ping with different packet sizes and setting the "do not fragment" flag.   Set your non-tunnel mtu to no more than what can traverse without fragmentation.
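
The do-not-fragment ping test suggested in the reply above, as an added example that is not part of the thread: a POSIX shell script that binary-searches for the largest ICMP payload that crosses the path with DF set. It assumes Linux iputils `ping` (`-M do`, `-s`, `-W`); the function names and the default 1200-1472 search range are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: find the largest ICMP payload that passes with "do not fragment" set.
# Assumes Linux iputils ping; on Windows the equivalent probe is "ping.exe -f -l SIZE HOST".

# probe HOST PAYLOAD: send one echo request with DF set, succeed only if a reply arrives.
probe() {
    ping -M do -c 1 -W 1 -s "$2" "$1" >/dev/null 2>&1
}

# max_df_payload HOST LOW HIGH: binary search over [LOW, HIGH].
# Prints the largest payload that passed, or 0 (and returns 1) if even LOW fails.
max_df_payload() {
    host=$1
    lo=$2
    hi=$3
    if ! probe "$host" "$lo"; then
        echo 0
        return 1
    fi
    # Invariant: a probe of size $lo is known to pass.
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if probe "$host" "$mid"; then
            lo=$mid
        else
            hi=$(( mid - 1 ))
        fi
    done
    echo "$lo"
}

# payload_to_mtu PAYLOAD: IPv4 packet size = payload + 8 (ICMP header) + 20 (IP header).
payload_to_mtu() {
    echo $(( $1 + 28 ))
}

# Usage: sh script.sh HOST [LOW] [HIGH]   (HOST is whatever sits behind the tunnel)
if [ "$#" -ge 1 ]; then
    best=$(max_df_payload "$1" "${2:-1200}" "${3:-1472}") || {
        echo "no reply even at the lower bound" >&2
        exit 1
    }
    echo "largest unfragmented payload: $best bytes (IP packet $(payload_to_mtu "$best") bytes)"
fi
```

Run it against a host on the far side of the tunnel and compare the reported packet size with the MTU configured on the interfaces that feed the tunnel.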

  • Hi and thanks for your replies,

    I was at the customer's site yesterday:

    I solved the WAN flapping issue by installing a little stupid 20€ switch between the UTM and the WAN GW - :-/

    so I had time to debug the MTU thing ...

    I have 3 similar RED at remote sites of the customer.

    2 of them I can

    #ping.exe -l 4000

    I get answer, no loss. Perfect.

    But on one site, without enabling tunnelcomp, no luck with packets over 1380 bytes.

    so I get

    #ping.exe -l 1382

    Timeout

    Timeout

    Timeout

    100% loss

    Very strange ... RED box does still have support... so I try to open a ticket and get replacement for this piece of sh***

    Cheers,

    Chris