IPSec/L2TP VPN and packet fragment filtering security questions

  • From: "Nicholas Palmer" <NICK@xxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 31 Dec 2003 13:57:52 -0800

Hi all,

I've got a question about setting up an IPSec/L2TP VPN and ISA
filtering fragmented packets.  I have set up my VPN and it works fine
using PPTP.  So I set up the certificates and put them on the server and
the client, then tried to make an IPSec/L2TP connection from the
client; it failed and the event log said that the reason for failure
was a negotiation timeout.

Using Network Monitor I was able to trace the packets going back and
forth, and it appeared that after the initial communication there was a
fragmented packet.  This seemed to happen repeatedly until the
connection gave up.  So I searched the web and found that when using
ISA, you have to disable fragmented packet filtering for IPSec/L2TP
connections to work.  So my first question is: is this true?

My second question is: is disabling fragmented packet filtering a
bad thing to do?  Does it reduce my level of security?

Thanks
Nick.

____________________
Nicholas Palmer
KCI Computing, Inc.
(nick@xxxxxxxxxxx)
310.921.6222
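As an added illustration (not from Nick's post, ISA, or any Microsoft code) of why a fragment filter gets in the way of the IKE phase of an L2TP/IPsec connection: IKE main-mode messages that carry certificates frequently exceed a 1500-byte MTU, and only the first IPv4 fragment contains the UDP header that a stateless filter needs in order to recognize UDP/500. The Python below uses constructed packets (placeholder bytes stand in for the real ISAKMP message, and IPv4 checksums are left at zero) to fragment such a datagram, show what a per-packet filter sees in each piece, and reassemble it the way a filter that inspects whole datagrams before deciding would.

```python
import struct

IKE_PORT = 500  # IKE/ISAKMP: negotiates the IPsec SA that the L2TP tunnel rides inside
IP_HDR = 20     # minimal IPv4 header, no options

def build_ipv4(ident: int, more: bool, offset: int, data: bytes) -> bytes:
    """One IPv4/UDP fragment (constructed; header checksum left at 0 for brevity)."""
    flags_frag = ((1 if more else 0) << 13) | (offset // 8)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, IP_HDR + len(data), ident,
                      flags_frag, 64, 17, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return hdr + data

def fragment(datagram: bytes, mtu: int, ident: int = 0x1234) -> list[bytes]:
    """Split a UDP datagram the way a router with a too-small MTU would (8-byte granularity)."""
    step = (mtu - IP_HDR) // 8 * 8
    return [build_ipv4(ident, off + step < len(datagram), off, datagram[off:off + step])
            for off in range(0, len(datagram), step)]

def filter_view(pkt: bytes) -> str:
    """What a stateless, per-packet filter can tell about one fragment."""
    flags_frag, proto = struct.unpack("!H", pkt[6:8])[0], pkt[9]
    offset = (flags_frag & 0x1FFF) * 8
    if offset == 0 and proto == 17:
        sport, dport = struct.unpack("!HH", pkt[IP_HDR:IP_HDR + 4])
        tag = "first fragment" if flags_frag & 0x2000 else "whole datagram"
        return f"{tag}: UDP {sport}->{dport}"
    # Later fragments carry only payload bytes: the port is simply not there to match on,
    # so a filter that drops all fragments drops the tail of every large IKE message.
    return f"fragment at offset {offset}: no transport header"

def reassemble(frags: list[bytes]) -> bytes:
    """Stitch fragments back together by offset; the UDP header and ports are visible again."""
    ordered = sorted(frags, key=lambda p: struct.unpack("!H", p[6:8])[0] & 0x1FFF)
    return b"".join(p[IP_HDR:] for p in ordered)

# Constructed stand-in for an IKE main-mode message carrying a certificate: ~1.8 KB
# of placeholder bytes behind a UDP 500->500 header, larger than a 1500-byte MTU.
IKE_BODY = b"\x00" * 1800
DATAGRAM = struct.pack("!HHHH", IKE_PORT, IKE_PORT, 8 + len(IKE_BODY), 0) + IKE_BODY

def demo(mtu: int = 1500) -> list[str]:
    frags = fragment(DATAGRAM, mtu)
    return [filter_view(p) for p in frags]

if __name__ == "__main__":
    for line in demo():
        print(line)
```

The second entry printed by `demo()` is the piece a blanket fragment filter discards, which is why the negotiation stalls and eventually times out rather than failing outright.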


