I was able to setup policy based VPN to a government agency Cisco ASA. Problems occur with dropped packets making the services they provide us almost impossible to use. After working with their tech support team, i was informed that juniper devices do not count the L2 header as prt of the length of the frame (PPP=4 byte header) and this is causing a mismatch in the packet size which eventually leads to dropped packets instead of fragmenting them.
The course of action i was asked to take was to set my MTU to 1504. I logged into my juniper only to find out that this can not be done. Is there something i am missing or am i indeed out of luck in this regard?
I have juniper ns5gts, ns204, ns208 and all running screenOS 5.4.r12
If i have to upgrade please let me know. this is an option i can bring before my employer and maybe get an ssg device.
thanks