![]() In Figure 31‑1, the UDP packet is too long so the remote client fragments the packet. If the resulting packets are greater than the MTU, the packets are fragmented at the Data Link layer of the Operating System's TCP/IP stack.Problems arise when the remote access client is behind a hide NAT device that does not support this kind of packet fragmentation:Hide NAT not only changes the IP header but also the port information contained in the UDP header. ![]() ![]() Overcoming NAT Related IssuesNAT related issues arise with hide NAT devices that do not support packet fragmentation.When a remote access client attempts to create a VPN tunnel with its peer Security Gateway, the IKE or IPsec packets may be larger than the Maximum Transmission Unit (MTU) value. For more information see.Other issues, such as Domain Name Resolution involving DNS servers found on an internal network protected by a Security Gateway, are resolved with Split DNS. Routing issues of this sort are resolved using Office mode.
0 Comments
Leave a Reply. |