AMP for Endpoint over IPSec S2S VPN

dngore
Cisco Employee

Hi Experts,

We are proposing AMP 4E for servers (linux and Windows). Customer will have private cloud AMP & TG installation at one site.

And servers with the AMP connector at another site. These two sites will be connected by a site-to-site VPN, so basically the AMP connector will communicate over the VPN to the AMP PC & TG.

 

Do you see any challenges or risks in above solution?


rolszowy
Cisco Employee

In an L2L VPN over the internet, the MTU will be smaller than the default 1500 bytes. Because of that, the SSL handshake can fail due to the Don't Fragment flag set in the IPv4 header.

In this case I would either allow and enable ICMP Unreachable (recommended) or clear the DF bit on the tunnel itself. Other than that, you should be covered.
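The reply's point is that a tunnel shrinks the usable MTU and that, if the router's ICMP "fragmentation needed" messages are filtered, DF-marked packets (such as the TLS handshake records the connector sends) silently disappear. Before deploying, a practitioner would verify the path MTU from the connector site toward the AMP private cloud. The script below is an added example written for this thread, not code from Cisco or from either poster: it binary-searches the largest DF-marked ICMP echo that crosses the path. It assumes Linux iputils `ping` (the `-M do` flag sets DF); the `simulated_path` helper and the 1438-byte tunnel MTU it uses are constructed so the search can be exercised offline.

```python
#!/usr/bin/env python3
"""Path-MTU probe for a site-to-site tunnel (added example, not from the thread).

With the Don't Fragment bit set, a probe larger than the path MTU either comes
back as an ICMP 'fragmentation needed' error (PMTUD working) or simply times
out (PMTUD broken because ICMP Unreachable is filtered somewhere on the path).
Either way the probe fails, so a binary search over the probe size finds the
largest packet the tunnel will actually carry.
"""
import subprocess
import sys
from typing import Callable

IPV4_HEADER = 20   # bytes, no options
ICMP_HEADER = 8    # echo request header
TCP_HEADER = 20    # bytes, no options


def ping_df_probe(host: str, payload: int, timeout_s: int = 2) -> bool:
    """Real probe: one ICMP echo with DF set (iputils 'ping -M do').

    Returns True only if a reply was received; a 'message too long' error
    or a timeout both count as failure.
    """
    result = subprocess.run(
        ["ping", "-M", "do", "-c", "1", "-W", str(timeout_s),
         "-s", str(payload), host],
        capture_output=True, text=True,
    )
    return result.returncode == 0


def simulated_path(tunnel_mtu: int) -> Callable[[int], bool]:
    """Constructed stand-in for a tunnel that drops DF packets above tunnel_mtu."""
    return lambda payload: payload + IPV4_HEADER + ICMP_HEADER <= tunnel_mtu


def find_path_mtu(probe: Callable[[int], bool], lo: int = 576, hi: int = 1500) -> int:
    """Binary-search the largest total IPv4 packet size that the probe accepts.

    probe(payload) takes the ICMP payload size in bytes. 'lo' is the IPv4
    minimum reassembly size and is assumed to pass; 'hi' is the local link MTU.
    """
    if not probe(lo - IPV4_HEADER - ICMP_HEADER):
        raise RuntimeError(f"even {lo}-byte packets do not pass; check reachability")
    if probe(hi - IPV4_HEADER - ICMP_HEADER):
        return hi  # the full link MTU fits, nothing on the path shrinks it
    # Invariant: a packet of size lo passes, a packet of size hi fails.
    while hi - lo > 1:
        mid = (lo + hi) // 2
        if probe(mid - IPV4_HEADER - ICMP_HEADER):
            lo = mid
        else:
            hi = mid
    return lo


def suggested_tcp_mss(path_mtu: int) -> int:
    """MSS to clamp on the tunnel so TCP segments never exceed the path MTU."""
    return path_mtu - IPV4_HEADER - TCP_HEADER


def main(argv: list) -> int:
    if len(argv) > 1:
        host = argv[1]  # the AMP private cloud / Threat Grid address at the far site
        mtu = find_path_mtu(lambda p: ping_df_probe(host, p))
        where = f"toward {host}"
    else:
        mtu = find_path_mtu(simulated_path(1438))  # constructed tunnel MTU
        where = "on the simulated tunnel"
    print(f"path MTU {where}: {mtu} bytes; clamp TCP MSS to {suggested_tcp_mss(mtu)}")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it with the far-site AMP address as the only argument (the probing host needs raw-socket permission for `ping`, which iputils normally has via setuid or capabilities); with no argument it runs against the constructed 1438-byte path. A result well below 1500 that is accompanied by timeouts rather than "message too long" errors is the symptom the reply describes: ICMP Unreachable is being dropped, and the connector's TLS handshake will stall until that is permitted or the DF bit is cleared on the tunnel.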