VPN

[if I dont change the client (MTU will default to 1500), and set the MTU field in my wan settings (Static IP) to say 1000; I can still send packets of 1400 and they still get through ok, eg windows; "ping -l 1400 -f www.google.com" works fine. Am I missing something? I would have thought that I couldn't send a DF packet larger that what I set the MTU field to?]

Hi all, I am overhauling my companys network i two locations in two countries. I have two new monowalls connected via an IPsec tunnel. They both use DSL connections. This is to conenct two offices, and replace what we do now; each client dialing in to a windows VPN. Settup like this:

client (192.168.11.x) --- (192.168.11.1) MONO1 (218.x.x.x) ---- ***Internet*** ---- (60.x.x.x) MONO2 (192.168.1.1) --- (192.168.1.x) client

for bth monowalls setup is:

LAN -(Ethernet)- MONO -(Ethernet)- MODEM -(RJ11 phone line)- DSL

on the old vpn I could use remote desktop fine, I believe this is because the windows vpn changes the MTU to 1400. Through the new setup above, it only works if i force the MTU in the cient (regedit) to, say, 1300.

if I dont change the client (MTU will default to 1500), and set the MTU field in my wan settings (Static IP) to say 1000; I can still send packets of 1400 and they still get through ok, eg windows; "ping -l 1400 -f www.google.com" works fine. Am I missing something? I would have thought that I couldn't send a DF packet larger that what I set the MTU field to?

Thanks for any help!