IP fragments are a way of life in the Internet.
It's better to disable this setting.

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://www.microsoft.com/isaserver
http://isaserver.org/Jim_Harrison
http://isatools.org
Read the help, books and articles!

----- Original Message -----
From: "Nicholas Palmer" <NICK@xxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Friday, January 02, 2004 09:06
Subject: [isalist] IPSec/L2TP VPN and packet fragment filtering security questions

http://www.ISAserver.org

Hi all,

I've got a question about setting up an IPSec/L2TP VPN and ISA filtering fragmented packets.

I have set up my VPN and it works fine using PPTP. So I set up the certificates and put them on the server and the client and then tried to make an IPSec/L2TP connection from the client and it failed, and the event log said that the reason for failure was a negotiation timeout. Using network monitor I was able to trace the packets going back and forth and it appeared that after the initial communication, there was a fragmented packet. This seemed to happen repeatedly until the connection gave up.

So I searched the web and found that when using ISA, you have to disable fragmented packet filtering for IPSec/L2TP connections to work.

So my first question is, is this true?

My second question is, is disabling fragmented packet filtering a bad thing to do? Does it reduce my level of security?

Thanks

Nick.

____________________
Nicholas Palmer
KCI Computing, Inc.
(nick@xxxxxxxxxxx) 310.921.6222
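
Added example, not part of the list thread: one way to confirm from a capture the symptom described in the question, fragmented packets during the IPSec negotiation, by grouping IPv4 fragments per datagram and checking whether every piece arrived. It assumes the packets have already been exported from the capture as raw IPv4 bytes; the addresses, the sample packets and the `build` helper are constructed for illustration.

```python
import struct
from collections import defaultdict

def parse_ipv4(pkt):
    """Pull the fields needed for fragment analysis out of a raw IPv4 packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    total_len, ident, flags_off = struct.unpack("!HHH", pkt[2:8])
    info = {"flow": (pkt[12:16], pkt[16:20], pkt[9], ident),
            "mf": bool(flags_off & 0x2000),        # More Fragments flag
            "offset": (flags_off & 0x1FFF) * 8,    # fragment offset in bytes
            "len": total_len - ihl, "dport": None}
    # Only the first fragment (offset 0) carries the UDP header.
    if pkt[9] == 17 and info["offset"] == 0 and len(pkt) >= ihl + 4:
        info["dport"] = struct.unpack("!H", pkt[ihl + 2:ihl + 4])[0]
    return info

def fragmented_datagrams(packets):
    """Summarise every fragmented datagram seen in a list of raw IPv4 packets."""
    groups = defaultdict(list)
    for p in map(parse_ipv4, packets):
        if p["mf"] or p["offset"]:                 # either one marks a fragment
            groups[p["flow"]].append(p)
    report = []
    for flow, frags in groups.items():
        frags.sort(key=lambda f: f["offset"])
        # Complete means: starts at 0, last piece has MF clear, no gaps between.
        complete = (frags[0]["offset"] == 0 and not frags[-1]["mf"] and
                    all(a["offset"] + a["len"] == b["offset"]
                        for a, b in zip(frags, frags[1:])))
        report.append({"id": flow[3], "dport": frags[0]["dport"],
                       "fragments": len(frags), "complete": complete})
    return report

def build(ident, mf, offset, payload):
    """Constructed test packet: 192.0.2.10 -> 198.51.100.1, protocol UDP."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident,
                      (0x2000 if mf else 0) | (offset // 8), 128, 17, 0,
                      bytes([192, 0, 2, 10]), bytes([198, 51, 100, 1]))
    return hdr + payload

# Constructed sample: a 2000-byte payload to UDP 500 (IKE), split at 1480 bytes.
udp = struct.pack("!HHHH", 500, 500, 2008, 0) + b"\x00" * 2000
BOTH_PIECES = [build(7, True, 0, udp[:1480]), build(7, False, 1480, udp[1480:])]
INCOMPLETE = [build(7, True, 0, udp[:1480])]       # trailing fragment never arrives

if __name__ == "__main__":
    print(fragmented_datagrams(BOTH_PIECES))
    print(fragmented_datagrams(INCOMPLETE))
```

Running it on captures taken on each side of the firewall shows whether a datagram that is complete on one side is incomplete or absent on the other.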