How to enable Path MTU Discovery in Juniper Netscreen Firewalls (ScreenOS)
2008-02-20
If you have site to site IPSec VPNs configured between two network with your Juniper Netscreen or SSG firewalls and clients from one network access servers or services from the other network then it is advisable to enable Path MTU Discovery support on the Juniper firewalls. Juniper Netscreen or SSG firewalls running Screen OS by default disable the Path MTU Discovery support. This means, when an IP Packet with DF bit set ("1") in the ip Header and its size after IPSec Encapsulation is more the MTU of the Juniper VPN Firewall arrives at the VPN Firewall, the firewall will ignore the "DF" bit andRead More →