cancel
Showing results for 
Search instead for 
Did you mean: 

Network Connect - MTU, black hole router detection, etc.

kenlars_
Super Contributor

Network Connect - MTU, black hole router detection, etc.

I'm running 6.5r7. I've got a user who has a problem with a specific app timing out when they are using Windows 7. The application does not time out if they use a Windows XP machine against the 6.5r7 SA or if they use a Windows XP or Windows 7 through a SA running 6.3r4. MTUs on internal and external ports are 1500 on all servers.

It appears that a packet does not make it from client machine to application server through the NC tunnel - it shows up in the packet trace on the NC adapter on the client machine, but does not appear in a packet trace done on the internal interface of the SA. I am guessing that it is being discarded somewhere in its path over the Internet because the packet is too large for the path - can't prove this, of course. Since the router discarding the packet cannot return an ICMP packet, I'm assuming that path MTU discovery doesn't work all that well.

The Windows 7 machine apparently has PMTU black hole router detection turned off - at least the key to enable it is not in the registry. I don't know if it is enabled on the Windows XP machine.

So, my question is - does it make sense to enable PMTU black hole router detection by setting HKLM\System\CurrentControlSet\Services\TCPIP\Parameters\EnablePMTUBHDetect to 1? Is that likely to solve the problem? Is it likely to cause other problems? Thanks -

Ken