On 2/28/06, dasz <daszylstra at comcast dot net> wrote:
>
> Every other function does seem to work - they have about 100+ nodes at each
> location and they can ping, telnet, ftp, http, do firmware/software
> upgrades, etc just fine to all nodes; it only seems to be the SNMP traffic
> heading back to their central office that fails -- when I look at the Mono
> firewall log it shows the SNMP traffic being blocked with a source and
> destination that is definitely in the IPSEC IP range, so for some reason
> Mono is ignoring the destination IP and trying to pass it through the
> firewall . . . . .
>
This makes it sound like the default rule is still set to deny
fragments, and the SNMP is getting fragmented for some reason. That's
my first guess at least.
-Chris