Problems arise when the remote access client is behind a hide NAT device that does not support this kind of packet fragmentation: If the resulting packets are greater than the MTU, the packets are fragmented at the Data Link layer of the Operating System's TCP/IP stack. When a remote access client attempts to create a VPN tunnel with its peer Security Gateway, the IKE or IPsec packets may be larger than the Maximum Transmission Unit (MTU) value.
NAT related issues arise with hide NAT devices that do not support packet fragmentation. Other issues, such as Domain Name Resolution involving DNS servers found on an internal network protected by a Security Gateway, are resolved with Split DNS. Routing issues of this type are resolved using Office Mode. Other connectivity issues can arise, for example when a remote client receives an IP address that matches an IP on the internal network. IPsec Path Maximum Transmission Unit (IPsec PMTU)Ĭheck Point resolves port filtering issues with Visitor Mode (formally: TCP Tunneling).Issues involving service/port filtering on the enforcement deviceĬheck Point resolves NAT related connectivity issues with a number of features:.Issues involving NAT devices that do not support fragmentation.Under these conditions, a number of connectivity issues can arise: During the morning they may be located within the network of a partner company, the following evening connected to a hotel LAN or behind some type of enforcement or NATing device. Remote clients are, by their nature, mobile. While there are a few connectivity issues regarding VPN between Security Gateways, remote access clients present a special challenge. The Need for Connectivity Resolution FeaturesĬheck Point Solution for Connectivity Issues Resolving Connectivity Issues In This Section:
0 kommentar(er)
