13.6. Length Limit Settings
This section contains information about the size limits imposed on the protocols directly under IP
level, such as TCP, UDP and ICMP.
The values specified here concern the IP data contained in packets. In the case of Ethernet, a single
packet can contain up to 1480 bytes of IP data without fragmentation. In addition to that, there is a
further 20 bytes of IP header and 14 bytes of Ethernet header, corresponding to the maximum media
transmission unit on Ethernet networks of 1514 bytes.
Max TCP Length
Specifies the maximum size of a TCP packet including the header. This value usually correlates
with the amount of IP data that can be accommodated in an unfragmented packet, since TCP usually
adapts the segments it sends to fit the maximum packet size. However, this value may need to be
increased by 20-50 bytes on some less common VPN systems.
Default: 1480
Max UDP Length
Specifies in bytes the maximum size of a UDP packet including the header. This value may well
need to be quite high, since many real-time applications use large, fragmented UDP packets. If no
such protocols are used, the size limit imposed on UDP packets can probably be lowered to 1480
bytes.
Default: 60000
Max ICMP Length
Specifies in bytes the maximum size of an ICMP packet. ICMP error messages should never exceed
600 bytes, although Ping packets can be larger if so requested. This value may be lowered to 1000
bytes if using large Ping packets is not desirable.
Default: 10000
Max GRE Length
Specifies in bytes the maximum size of a GRE packet. GRE, Generic Routing Encapsulation, has
various uses, including the transportation of PPTP, Point to Point Tunneling Protocol, data. This
value should be set at the size of the largest packet allowed to pass through the VPN connections,
regardless of its original protocol, plus approx. 50 bytes.
Default: 2000
Max ESP Length
Specifies in bytes the maximum size of an ESP packet. ESP, Encapsulation Security Payload, is
used by IPsec where encryption is applied. This value should be set at the size of the largest packet
allowed to pass through the VPN connections, regardless of its original protocol, plus approx. 50
bytes.
Default: 2000
Max AH Length
13.6. Length Limit Settings
Chapter 13. Advanced Settings
566
Summary of Contents for NetDefend DFL-1660
Page 28: ...1 3 NetDefendOS State Engine Packet Flow Chapter 1 NetDefendOS Overview 28 ...
Page 88: ...2 6 3 Restore to Factory Defaults Chapter 2 Management and Maintenance 88 ...
Page 166: ...3 10 DNS Chapter 3 Fundamentals 166 ...
Page 254: ...4 7 5 Advanced Settings for Transparent Mode Chapter 4 Routing 254 ...
Page 268: ...5 4 IP Pools Chapter 5 DHCP Services 268 ...
Page 368: ...6 7 Blacklisting Hosts and Networks Chapter 6 Security Mechanisms 368 ...
Page 390: ...7 4 7 SAT and FwdFast Rules Chapter 7 Address Translation 390 ...
Page 414: ...8 3 Customizing Authentication HTML Pages Chapter 8 User Authentication 414 ...
Page 490: ...9 8 6 Specific Symptoms Chapter 9 VPN 490 ...
Page 528: ...10 4 6 Setting Up SLB_SAT Rules Chapter 10 Traffic Management 528 ...
Page 544: ...11 7 HA Advanced Settings Chapter 11 High Availability 544 ...
Page 551: ...12 3 5 Limitations Chapter 12 ZoneDefense 551 ...
Page 574: ...Default 512 13 9 Miscellaneous Settings Chapter 13 Advanced Settings 574 ...
Page 575: ...13 9 Miscellaneous Settings Chapter 13 Advanced Settings 575 ...