Accessing webpage over IPsec Site-to-site VPN
Hi, I've set up an IPsec IKE site-to-site VPN with ISA 2004 (port forward) and now I have problems accessing the page on the other end. I THINK the problem is MTU packet size. Maximum allowed MTU over the VPN tunnel is 576. When I try to access the https page on the other side I can't, but ping passes. I discovered that the options that are put in the packets are problematic. So when I entered https://IP in the browser, I logged the traffic on the network interface on my VPN server.

10:08:09.092464 IP (tos 0x0, ttl 127, id 10999, offset 0, flags [DF], proto TCP (6), length 52)
    172.16.1.125.57885 > 10.156.149.151.443: Flags [S], cksum 0xa0b2 (correct), seq 247819781, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0

If the web request goes without [mss 1460,nop,wscale 2,nop,nop,sackOK] I can access the page on the other side. I tried setting the MTU of the machine which is accessing the web site to 576, and on the VPN server on my end, but that didn't help. The request would always go with that mss 1460 setting. It is unclear to me why sometimes web requests go without options and most of the time with those options. How do I disable those settings?
July 15th, 2011 4:21am

Hi, the MSS is the TCP Maximum Segment Size, which defines the maximum amount of data that a host is willing to accept in a single TCP/IP datagram. For better analysis, I suggest you upload the full network traffic package in this post.

Alex Zhao

Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
July 19th, 2011 2:58am
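An added example, not part of the original thread: a small Python check that reads a `tcpdump -v` SYN line like the one posted above and compares the advertised MSS with the largest segment that fits a given tunnel MTU. The function names and the 20-byte header sizes (IPv4 and TCP without options) are assumptions of this example.

```python
import re

IPV4_HEADER = 20   # bytes, assuming no IP options
TCP_HEADER = 20    # bytes, assuming no TCP options in data segments
DEFAULT_MSS = 536  # IPv4 default a peer assumes when a SYN carries no MSS option

# Constructed sample: the SYN line quoted in the question, joined on one line.
SAMPLE = (
    "10:08:09.092464 IP (tos 0x0, ttl 127, id 10999, offset 0, flags [DF], "
    "proto TCP (6), length 52) 172.16.1.125.57885 > 10.156.149.151.443: "
    "Flags [S], cksum 0xa0b2 (correct), seq 247819781, win 8192, "
    "options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0"
)


def max_mss(path_mtu):
    """Largest TCP payload that fits one unfragmented IPv4 packet."""
    return path_mtu - IPV4_HEADER - TCP_HEADER


def check_syn(line, path_mtu):
    """Return MSS facts for a SYN line, or None if the line is not a SYN."""
    tcp = re.search(r"Flags \[([^\]]*)\]", line)       # TCP flags (capital F)
    if not tcp or "S" not in tcp.group(1):
        return None
    ip = re.search(r"\bflags \[([^\]]*)\]", line)      # IP flags (lowercase f)
    ends = re.search(r"(\S+) > (\S+):", line)
    mss = re.search(r"options \[[^\]]*\bmss (\d+)", line)
    advertised = int(mss.group(1)) if mss else DEFAULT_MSS
    df = bool(ip) and "DF" in ip.group(1)
    fits = advertised <= max_mss(path_mtu)
    return {
        "src": ends.group(1) if ends else None,
        "dst": ends.group(2) if ends else None,
        "df": df,
        "advertised_mss": advertised,
        "fits": fits,
        # With DF set, oversized segments are not fragmented in transit, so
        # delivery depends on ICMP "fragmentation needed" reaching the sender.
        "needs_pmtud": df and not fits,
    }


if __name__ == "__main__":
    print(max_mss(576), check_syn(SAMPLE, 576))
```

Run against a saved capture, this shows which hosts advertise an MSS larger than the tunnel can carry in one packet, which is the condition the question suspects.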

Hi, it looks like the route was the problem. I've put a static route on the gateway so all computers in the LAN can go to that site, but for some reason ping was going through and https wouldn't. After I put the route locally on my machine, the web page started to work. That is really strange, so I have no idea why that was problematic.

Regards, Damir
July 19th, 2011 3:25am
