- CheckMates
- :
- Products
- :
- CloudMates Products
- :
- Cloud Network Security
- :
- Discussion
- :
- PPPoE connection problem (CP3200)
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
PPPoE connection problem (CP3200)
Hi Mates,
I have a problem with PPPoE connection to ISP on my CP3200 HW appliance. Everything`s work fine on Cisco router with these settings:
interface Dialer1
mtu 1492
ip address negotiated
ip mtu 1480
ip nat outside
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap callin
ppp chap hostname ******@***
ppp chap password 0 ****
ip virtual-reassembly
interface GigabitEthernet0/0/0.20
encapsulation dot1Q 20
ip address 192.168.*.1 255.255.255.0
ip nat inside
ip tcp adjust-mss 1196 (*non standart value, but provided from ISP and works fine)
ip ospf 1 area 4
ip virtual-reassembly
As you can see we`ve set required parameteres (such as adjust-mss and MTUs) and this is working fine on Cisco router, but i need to connect my ISP connection directly to CP3200. I`ve created PPPoE interface and it is connecting normally but the issue is that clients doesn`t have Web access, only pings (ICMP) works fine. Currently we don`t have any stricts in policy it just set to Allow all, and we use typical ethernet interface facing to Internet everythings work but not with PPPoE. So, how i can adjust mss values on interfaces to make HTTP sessions establishing normally.
Thank you very much.
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Have you tried disabling SecureXL?
You can try disabling it with [fwaccel off] command from clish to test it out on the fly.
AFAIK, PPPoE interfaces are not not supported with SecureXL. (though SXL should automatically be disabled on ppp interfaces...)
ATRG: SecureXL for R80.10 and below
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
ATRG: SecureXL for R80.20 and above
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Natureson,
the solution mentioned by Dameon really solves your problem with PPPoE.
Please be aware of the different settings for the different release versions !
Wolfgang
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Have you tried disabling SecureXL?
You can try disabling it with [fwaccel off] command from clish to test it out on the fly.
AFAIK, PPPoE interfaces are not not supported with SecureXL. (though SXL should automatically be disabled on ppp interfaces...)
ATRG: SecureXL for R80.10 and below
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
ATRG: SecureXL for R80.20 and above
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you very much, now it looks like my problem solved.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
After I try disabling it with [fwaccel off] command , i can access some website. I can't access all website.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If that happens with certain websites, then try adjusting the MTU/MSS with your ISP as PhoneBoy and Wolfgang suggested above. It should help you.