ccse89f54c70-508c-400f-9477-dd8648799b1e

MSS/MTU over IPSec - issues with Office365 (on-premise)

Discussion created by ccse89f54c70-508c-400f-9477-dd8648799b1e on Jul 19, 2018
Latest reply on Jul 19, 2018 by Marco Valenti

hi chaps

 

got quite interesting topic and just so you know I couldn't find much of the relevance by folloing sk: sk98074

my customer has Office365 (office.us) on premise infrastructure in US which can be easily accessed via MPLS and directly connected hub-and-spoke networks - but this is it. Clients (PC/Laptops) which are connected via IPSec Tunnels behind little 3200 devices, terminated on A/S Cluster of 56xx (no LSM!) located where all Satelites Remote GWs forms Star Topology are UNABLE to connect to Office365 faclity (not Azure!).

 

I'm in a position to say that intermittent circumstances where some of the "wired" clients are unable to use Office365 happens only on those computers which are behind VPN Star topology networks so literally behind 3200 R80.10 gateways (Centrally managed by MDS Management HA).

 

any ideas how to troubleshoot and resolve such inconvinience would be highly appreciated.

I solely believe I'm not the only one having such issues with Office365 and MSS/MTU issues (1500 vs 14xx values).

Bear in mind that I do know very well that this was already addressed when designing R80.10 and it affected mainly those behind R77.30 platforms.

 

Thanks in advance

 

Jerry

 

ps. YES, I'm very much aware of this post as well:

 

https://community.checkpoint.com/message/10659-r8010-gateway-cant-set-simclampvpnmss

Outcomes