... > IP forwarding on BigIP has to be specifically enabled. Out of the box > it is setup as default DENY. In other words, only those IPs and services > setup with VIPs will get traffic. Also ICMPs are not passed, except for > Fragment/Dont Fragment. ... Ah. This might explain why a dual firewall with a BigIP in front of it might be able to talk to some hosts, but fail with large mail messages to certain MSW-NT servers. No packet size negotiation? This is important when going through a tunnel, since the tunnel envelope would take up some of what would otherwise be the usual packet size. Sound about right? -- Joe Yao jsdyat_private - Joseph S. D. Yao COSPO/OSIS Computer Support EMT-B ----------------------------------------------------------------------- This message is not an official statement of COSPO policies.
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:42:09 PDT