Subject: PMTU-DISC. with NAT
To: bsd-help (E-mail) (E-Mail) <netbsd-help@netbsd.org>
From: Nicolas Saurbier <Nicolas.Saurbier@biodata.de>
List: netbsd-help
Date: 05/19/2003 13:09:19
Hi,

Does PathMTU-Discovery work through NAT???


Server ----Firewall1-----Firewall2--------Internet------VPN_Client
		  NAT	          |
			          |
			          |
			        NetBSD
			       IPsec-GW

The Server is NATed on Firewall1.
IKE works fine...
ESP works fine (small packets)...
ICMP is allowed and works...
Big packets don't work! I can see that NetBSD is trying a PathMTU-Disc.
(tcpdump "Fragmentation needed") but it seems that the server doesn't react.
It's a 2000 Advanced Server so it should obey that PMTU stuff !?!?!?
Is there a problem with that NAT? What does the DATA part of the ICMP packet
("fragmentation needed") contain? Are IP addresses included in there?


Any idea?

NIC
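
On the question about the data part of the ICMP message, an added example that is not part of the original message: per RFC 792 and RFC 1191, a "fragmentation needed" error (type 3, code 4) carries the next-hop MTU followed by the IP header and first 8 payload bytes of the offending packet, so the original source and destination addresses are embedded in it. The addresses, ports and helper names below are constructed for illustration, and checksums are left at zero.

```python
import socket
import struct

# Constructed sample addresses (documentation ranges), not taken from the post.
SERVER_REAL, SERVER_NAT, VPN_CLIENT = "192.0.2.10", "198.51.100.5", "203.0.113.7"

def ipv4_header(src, dst, proto=6, total_len=1500, flags_frag=0x4000):
    """20-byte IPv4 header with DF set; checksum left at 0 for this sample."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, flags_frag,
                       64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def frag_needed(inner_packet, mtu):
    """ICMP type 3 code 4: 8-byte header, then the quoted IP header + 8 bytes."""
    return struct.pack("!BBHHH", 3, 4, 0, 0, mtu) + inner_packet

def parse_frag_needed(icmp):
    """Return the next-hop MTU and the addresses embedded in the ICMP data part."""
    if len(icmp) < 28:
        raise ValueError("too short for an ICMP error with an IPv4 header")
    icmp_type, code, _csum, _unused, mtu = struct.unpack("!BBHHH", icmp[:8])
    if (icmp_type, code) != (3, 4):
        raise ValueError("not destination unreachable / fragmentation needed")
    inner = icmp[8:]
    ihl = (inner[0] & 0x0F) * 4
    if inner[0] >> 4 != 4 or ihl < 20 or len(inner) < ihl:
        raise ValueError("bad embedded IPv4 header")
    return {"next_hop_mtu": mtu,
            "inner_src": socket.inet_ntoa(inner[12:16]),
            "inner_dst": socket.inet_ntoa(inner[16:20]),
            "df_set": bool(struct.unpack("!H", inner[6:8])[0] & 0x4000),
            "inner_l4": inner[ihl:ihl + 8]}

def rewrite_inner_src(icmp, new_src):
    """Restore the embedded source address (checksum updates omitted here)."""
    return icmp[:8 + 12] + socket.inet_aton(new_src) + icmp[8 + 16:]

# The gateway saw the packet after NAT, so it quotes the translated source.
tcp_first8 = struct.pack("!HHI", 1025, 80, 1)  # src port, dst port, seq (constructed)
quoted = ipv4_header(SERVER_NAT, VPN_CLIENT) + tcp_first8
as_sent_by_gateway = frag_needed(quoted, 1400)
as_fixed_by_nat = rewrite_inner_src(as_sent_by_gateway, SERVER_REAL)

if __name__ == "__main__":
    for label, msg in (("from gateway", as_sent_by_gateway), ("after NAT", as_fixed_by_nat)):
        print(label, parse_frag_needed(msg))
```

A host matches such an error to its connection using the embedded header, which is why a NAT has to translate the embedded addresses as well as the outer ones.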