A question about Checkpoint firewall and Telnet over VPN

Hello

I have been trying different options to resolve an issue with a remote site VPN tunnel. I have the tunnel up and working. I have tried using IPSEC with low, medium and strict security profiles. Since I am using Shiva VPN devices, I have tried using their Shiva Smart Tunnels too. They all work fine. I can perform all the normal operations like file copy, establish VNC sessions and browse the internet too. The only problem is with the telnet session from that remote site to another site which goes through my company LAN. The telnet session works fine from the internal company LAN, but it doesn't work from that remote site. It starts off well, allowing the users to log in, but once they log in, it freezes up. Initially I assumed this was caused by the encryption, but later on found out that it's the Checkpoint firewall on the company side that causes this problem. I am sure about this because I tried a different VPN connection via an ADSL connection that connected to the company LAN without going through the firewall. It worked perfectly fine, allowing the telnet session.

Could anybody tell me what settings on Checkpoint would resolve this issue?

Thanks, Ankit

Reply to
apsolar

This is probably not a checkpoint issue. I had the same problem using telnet to connect to a UNIX machine. It is most likely a packet size issue.

You will need to lower the MTU on both ends of the connection. I had to lower the MTU on both ends to 1390.

I discovered this was a problem when I would get to a prompt and try to ls a directory with 100's of files. It would freeze after listing the first 30 or so. Lowered the MTU on both ends and all was well.

moncho

Reply to
moncho
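To show why a packet-size problem looks like a telnet session that logs in fine and then freezes, here is an added worked example (not code from the thread) that computes how much an ESP tunnel-mode packet grows and the largest inner packet that still fits a 1500-byte path. The cipher and integrity algorithms, and the NAT-T case, are assumptions, since the thread does not say which suite the tunnel used.

```python
# Constructed example: ESP tunnel-mode growth and the inner MTU that still fits the path.
# Assumed parameters are labelled; the thread does not name the cipher or integrity algorithm.
import math

OUTER_IP_HDR = 20          # IPv4 outer header added by tunnel mode
ESP_HDR = 8                # SPI (4) + sequence number (4)
ESP_TRAILER = 2            # pad length (1) + next header (1)
NAT_T_UDP = 8              # extra UDP header when NAT traversal is in use

# (IV length, cipher block size) for assumed typical IPsec suites
CIPHERS = {"3des-cbc": (8, 8), "aes-cbc": (16, 16)}
# ICV length for assumed integrity algorithms
ICVS = {"hmac-sha1-96": 12, "hmac-sha256-128": 16}


def esp_wire_size(inner_len, cipher="aes-cbc", integ="hmac-sha1-96", nat_t=False):
    """Bytes on the wire for one inner IP packet of inner_len bytes in ESP tunnel mode."""
    iv, block = CIPHERS[cipher]
    # inner packet plus trailer is padded up to the cipher block size before encryption
    encrypted = math.ceil((inner_len + ESP_TRAILER) / block) * block
    size = OUTER_IP_HDR + ESP_HDR + iv + encrypted + ICVS[integ]
    return size + (NAT_T_UDP if nat_t else 0)


def max_inner_mtu(outer_mtu=1500, cipher="aes-cbc", integ="hmac-sha1-96", nat_t=False):
    """Largest inner packet whose ESP encapsulation still fits in outer_mtu."""
    iv, block = CIPHERS[cipher]
    budget = outer_mtu - OUTER_IP_HDR - ESP_HDR - iv - ICVS[integ]
    budget -= NAT_T_UDP if nat_t else 0
    return (budget // block) * block - ESP_TRAILER


def fits(inner_len, outer_mtu=1500, **kw):
    """True if the encapsulated packet passes; False models a DF-set packet dropped at the path MTU."""
    return esp_wire_size(inner_len, **kw) <= outer_mtu


if __name__ == "__main__":
    # A telnet keystroke segment passes, a full-size segment of 'ls' output does not:
    # that is the login-works-then-freezes pattern described in the thread.
    for inner in (60, 1390, 1500):
        print(f"inner={inner:4d} -> wire={esp_wire_size(inner):4d} fits={fits(inner)}")
    for c in CIPHERS:
        print(f"{c}: max inner MTU on a 1500 path = {max_inner_mtu(cipher=c)}, "
              f"with NAT-T = {max_inner_mtu(cipher=c, nat_t=True)}")
```

Lowering the inner MTU to a value such as 1390 leaves headroom under every suite in the table, which is why a smaller MTU on both ends works when PMTU discovery is blocked.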

I tried lowering the MTU size but it didn't help. The other option which I tested successfully was using a PIX firewall at the remote end, and that had the default MTU size of 1500, but it still worked. I don't think MTU is the problem. I have had feedback from the remote site users who say that the session does work sometimes and doesn't most of the time. Any other ideas?

Thanks for your suggestion, moncho.

Reply to
apsolar

Hard to say. You didn't mention what version of Checkpoint it is, or whether you were using Smart Defense or not. Is it telnet or SSH, and if it is SSH, what version... 1, 2, or 3? Depending on the firewall and its config, you can discriminate at that level. Any clues from the log files? You are logging drops at least as a diag tool, I assume.

Reply to
columbotrek
