Re: Server sometimes not reachable via RDP



Florian Schalk wrote:
Our HQ is in Hamburg and we have an IPsec VPN connection to Oxford over Cisco routers. The server in question is located there as well.

So the traffic is already being encrypted, possibly over a PPPoE connection on top of that? One could also tackle this at the central gateways. If it is a PIX, I have some information ready for you. If it is a normal router, the option has a slightly different name:


sysopt connection tcpmss

The sysopt connection tcpmss command allows you to set the minimum and the maximum TCP segment size. Both the host and the server can set the maximum segment size when they first establish a connection. If either maximum exceeds the value you set with the sysopt connection tcpmss command, then the PIX firewall overrides the maximum and inserts the value you set. If either maximum is less than the value you set with the sysopt connection tcpmss minimum command, then the PIX firewall overrides the maximum and inserts the minimum value you set. For example, if you set a maximum size of 1200 bytes and a minimum size of 400 bytes, when a host requests a maximum size of 1300 bytes, then the PIX firewall alters the packet to request 1200 bytes (the maximum). If another host requests a maximum value of 300 bytes, then the PIX firewall alters the packet to request 400 bytes (the minimum).

The bytes value can be a minimum of 48 and any maximum number. You can disable this feature by setting bytes to 0. By default, the PIX firewall sets 1380 bytes as the sysopt connection tcpmss maximum limit and 48 bytes as the minimum limit, even though this command does not appear in the default configuration. The default of 1380 bytes allows room for header information so that the total packet size does not exceed 1500 bytes, which is the default MTU for Ethernet. See the following calculation:

1380 data + 20 TCP + 20 IP + 24 AH + 24 ESP_CIPHER + 12 ESP_AUTH + 20 IP = 1500 bytes

If the host or server does not request a maximum segment size, the PIX firewall assumes that the RFC 793 default value of 536 bytes is in effect.

You might want to set the maximum segment size using this command so that the size is less than the MTU and packets are not fragmented. Large numbers of fragments can impact the performance of the PIX firewall when it uses the Frag Guard feature. Setting the minimum size prevents the TCP server from sending many small TCP data packets to the client and impacting the performance of the server and the network.


Based on that calculation, with PPPoE you should use the command

Sysopt connection tcpmss 1372

since 1372 data + 20 TCP + 20 IP + 24 AH + 24 ESP_CIPHER + 12 ESP_AUTH + 20 IP + 8 PPPOE = 1500 bytes

Link to the documentation:
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/s.htm#wp1026942

--
..:Daniel Melanchthon:.
Technology Consultant - Exchange Server
http://blogs.technet.com/dmelanchthon
This posting is provided "AS IS" with no warranties, and confers no rights.
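The MSS budget and the clamping rule from the quoted PIX documentation, worked through in code. This is an added example, not part of the original post or of Cisco's software; the per-header byte costs are those listed above, and treating a maximum of 0 as "feature disabled" is my reading of the quoted text.

```python
# Added example (not from the original post): reproduce the MSS budget from
# the quoted PIX documentation and the clamping behaviour it describes.

# Per-header byte costs exactly as listed in the quoted doc and the reply.
OVERHEAD = {
    "TCP": 20,
    "IP": 20,          # inner IP header
    "AH": 24,
    "ESP_CIPHER": 24,
    "ESP_AUTH": 12,
    "OUTER_IP": 20,    # tunnel-mode outer IP header
    "PPPOE": 8,        # added by the reply for a PPPoE uplink
}

RFC793_DEFAULT_MSS = 536  # assumed by the PIX when a SYN carries no MSS option
ABSOLUTE_MIN_MSS = 48     # smallest value the command accepts

IPSEC_PATH = ["TCP", "IP", "AH", "ESP_CIPHER", "ESP_AUTH", "OUTER_IP"]


def mss_for_path(mtu, headers):
    """Largest TCP payload that fits in `mtu` once every header named in
    `headers` (keys of OVERHEAD) has been subtracted. This is the value to
    give to 'sysopt connection tcpmss' so nothing on the path fragments."""
    payload = mtu - sum(OVERHEAD[h] for h in headers)
    if payload < ABSOLUTE_MIN_MSS:
        raise ValueError("MTU %d too small for this encapsulation" % mtu)
    return payload


def clamp_mss(requested, maximum=1380, minimum=ABSOLUTE_MIN_MSS):
    """Apply the 'sysopt connection tcpmss' rule to the MSS option seen in a
    SYN. `requested` is None when the option is absent. Defaults are the
    PIX defaults quoted above (1380 max, 48 min)."""
    if requested is None:
        requested = RFC793_DEFAULT_MSS
    if maximum == 0:          # assumption: 0 disables the feature entirely
        return requested
    if requested > maximum:   # host asked for more than allowed: rewrite down
        return maximum
    if requested < minimum:   # host asked for tiny segments: rewrite up
        return minimum
    return requested


if __name__ == "__main__":
    print("Ethernet MTU, IPsec:        ", mss_for_path(1500, IPSEC_PATH))
    print("Ethernet MTU, IPsec + PPPoE:", mss_for_path(1500, IPSEC_PATH + ["PPPOE"]))
```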