https://community.cisco.com/t5/network-security/cisco-pix-compactability-with-checkpoint/m-p/866276#M494577 <HTML><HEAD></HEAD><BODY><P>You do not need to change anything. What </P><P>is the checkpoint version? Is it NG, NG with</P><P>AI or NGx? Make sure you use the latest</P><P>HotFix Accumulator (HFA) on the checkpoint side.</P><P>When in doubt, run "fw ver" and it will tell</P><P>the current version on the firewall.</P><P></P><P>Try to upgrade to the latest HFA first.</P><P>if you still has issues, then the next </P><P>thing to do is to use dbedit to modify some</P><P>parameters on the checkpoint firewall.</P><P></P><P></P><P></P></BODY></HTML> Wed, 28 Nov 2007 17:53:20 GMT kevin.jones1 2007-11-28T17:53:20Z https://community.cisco.com/t5/network-security/cisco-pix-compactability-with-checkpoint/m-p/866274#M494565 <P>Hi All,</P><P></P><P>We need your assistance </P><P></P><P>Issue: VPN Pkts get dropped. </P><P></P><P>1) A Site-to-Site VPN is established b/w Checkpoint &amp; Cisco PIX. </P><P>2) Often the connectvitiy Flaps, i.e. the pkst get dropped.</P><P></P><P>Error:</P><P></P><P>Pix: Duplicate pkt on Phase 2</P><P></P><P>Checkpoint: Virtual defragmentation error: Timeout</P><P></P><P>When checked in Google, the solution is 'caused to due to jumbo packets traversing thru the tunnel' and need to change the MTU size.</P><P></P><P>We have S-2-S tunnels with multiple customers and have issue with only one customer and he is asking to change the MTU Size. To my knowledge we can only change MTU for an interface and not for tunnel.</P><P></P><P>Kindly advice me on this.</P><P></P><P>Regards,</P><P>Thebull.</P> Fri, 21 Feb 2020 09:48:17 GMT https://community.cisco.com/t5/network-security/cisco-pix-compactability-with-checkpoint/m-p/866274#M494565 tkstkstks 2020-02-21T09:48:17Z https://community.cisco.com/t5/network-security/cisco-pix-compactability-with-checkpoint/m-p/866275#M494572 <HTML><HEAD></HEAD><BODY><P>You can change the MTU for a tunnel. Each tunnel has a virtual interface associated with it. You can go to the virtual interface config and specify the required MTU size.</P></BODY></HTML> Tue, 27 Nov 2007 22:43:04 GMT https://community.cisco.com/t5/network-security/cisco-pix-compactability-with-checkpoint/m-p/866275#M494572 tstanik 2007-11-27T22:43:04Z https://community.cisco.com/t5/network-security/cisco-pix-compactability-with-checkpoint/m-p/866276#M494577 <HTML><HEAD></HEAD><BODY><P>You do not need to change anything. What </P><P>is the checkpoint version? Is it NG, NG with</P><P>AI or NGx? Make sure you use the latest</P><P>HotFix Accumulator (HFA) on the checkpoint side.</P><P>When in doubt, run "fw ver" and it will tell</P><P>the current version on the firewall.</P><P></P><P>Try to upgrade to the latest HFA first.</P><P>if you still has issues, then the next </P><P>thing to do is to use dbedit to modify some</P><P>parameters on the checkpoint firewall.</P><P></P><P></P><P></P></BODY></HTML> Wed, 28 Nov 2007 17:53:20 GMT https://community.cisco.com/t5/network-security/cisco-pix-compactability-with-checkpoint/m-p/866276#M494577 kevin.jones1 2007-11-28T17:53:20Z