Hello,

I am not sure why you are still having problems, at the moment I can only 
think of two reasons:

1. Some other rule is masking the rule that allows fragmented packets..or..
2. There is an upstream router that has a lower MTU (but that wouldn't 
explain why the ping works one way but not the other).

Btw,

AH = the packet comes from who it says it comes from
ESP = the contents of the packet are encrypted

Regards,

Kris.

----- Original Message ----- 
From: "Jeff Buehler" <jeff at buehlertech dot com>
To: "Kris Shaw" <monowall at wealdclose dot co dot uk>
Cc: <m0n0wall at lists dot m0n0 dot ch>
Sent: Friday, February 10, 2006 3:45 PM
Subject: Re: [m0n0wall] outlook -> exchange problem


> Hi Kris -
>
> I am pinging the m0n0wall itself - I get the same behavior with devices 
> behind the m0n0wall in each of the three given VPNs.  After modifying ESP 
> and AH protocols to allow fragmented packets, I have verified that keep 
> frags is enabled in the status.php page.
>
> The behavior remains the same - one of the three m0n0walls still cannot 
> successfully get a reply after pinging a fragmented packet to either of 
> the other two, while the other two can ping it and each other with a 
> fragmented packet successfully.
>
> By the way, thank you for this modification to m0n0wall - this (and the 
> use of AH instead of ESP) seems to have solved my problem with Outlook 
> keeping a solid connection with Exchange across the VPN.  I am going to 
> test ESP again tonight and see if it works with the new .iso image of 
> m0n0wall.  I'll keep looking into why one of the three does not seem to be 
> working...
>
> Thanks,
> Jeff
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>
>