PA-3020, 7.1.8. The PA has 3 tunnels with 3 sites.

Site1 - PA-200 on the other side; tunnel traffic is fine. Ping from Site1 to the subnet behind the PA-3020 works with 1472 MTU and fails after that.

Site2 - Tried to migrate from SSG140 to PA-3020; the other side is a Cisco 871. Traffic from the PA-3020 to Site2 works fine, but from Site2 to the PA-3020 I can only ping. RDP, mail and port 80 traffic are not working. Ping from Site2 to the subnet behind the PA-3020 works with 1394 MTU and fails with MTU above that.

Site3 - Same issue as Site2, but mail worked. RDP and port 80 traffic are not working. Ping from Site3 to the subnet behind the PA-3020 works with 1410 MTU and fails with MTU above that.

The PA-3020 traffic logs show just minimal byte traffic compared to the working tunnel, where traffic flows after the initial TCP handshake. Packet capture also shows retransmissions. The SSG140 has set flow tcp-mss. All the tunnels have 1500 MTU size with no MSS setup.