Vista Question?

Main4ce · Post by **Main4ce** » Wed Apr 16, 2008 2:37 am

You guys have any idea why we would be getting this error after a fresh Vista installment "Routing tables changes violate security policy"

Only have the 1 NIC card so its not that?

thor · Post by **thor** » Wed Apr 16, 2008 5:22 am

a fresh new formated disk? I have no clue? Not my field... sorry.

But since you already are here; shall we fly one day? I got my new yoke thing going. need some adjustments on rudder pedals, but all in all it works. (my g15 keyboard's special keys don't work...)

Main4ce · Post by **Main4ce** » Wed Apr 16, 2008 6:40 am

I'll be online tonight....about 20:30 - 21:00 CET or for Ben that plus 1 GMT!

thor · Post by **thor** » Wed Apr 16, 2008 7:34 am

CC main! I'll be home about 21.30 CET (19.30 GMT)

Codguy · Post by **Codguy** » Wed Apr 16, 2008 7:41 am

I'll try to meet up with you guys this afternoon (evening)!

Unless you two want to have some sort of super-secret Euro party and don't want some rude American crashing it

thor · Post by **thor** » Wed Apr 16, 2008 7:46 am

Codguy wrote: ...

Unless you two want to have some sort of super-secret Euro party and don't want some rude American crashing it

Secret party with a scott? They are to loud...

Codguy · Post by **Codguy** » Wed Apr 16, 2008 8:04 am

Touche'

Reddog · Post by **Reddog** » Wed Apr 16, 2008 8:37 am

What is giving the error scott the game?, trying running it as administrator

Main4ce · Post by **Main4ce** » Wed Apr 16, 2008 9:55 am

No no...Our company IT admin drop by today and ask me if I knew what his problem could be ...a fresh installment of Vista on a laptop that give the above error when trying to connect to the VPN which seems to be down ...

I found this but it didn't help:

Q:
I am using a Nortel Contivity client to connect to a vendor network. Usually within a few minutes of connecting I get an error stating "Routing tables changes violate security policy". I have been running ethereal to see what is going on. At the moment the tunnel disconnects, the remote host sends me an ISAKMP packet to the destination port that I sent my last ISAKMP packet from. Then my pc sends an ICMP packet back with "Destination Unreachable (Port Unreachable)". It seems like after a variable amount of time the port becomes unavailable. This is happening on every pc I try on this network. I have setup a test pc and tried changing some registry parameters such as the MTU size and EnablePMTUDiscovery='0' but it still does not work.

Does anyone have any suggestions or run into this problem before?

Answer:

I ran into this problem before. Even if it says Routing tables changed... it's not. It's actually because your TCP MSS value has changed.

You have your MTU set, but your MSS is MTU - TCP Header - IP header.

What does that mean. You're sending packets that have the DF bit set. Meaning, they can't be fragmented. They reach a certain router that will need to fragment your packet, so he will send you back a packet Destination Unreachable. In that same packet, he's sending you the Maximum Segment Size (MSS). Your computer will take it and will change his own MSS. This is where you get your Violation in your Security Policy.

But I guess its something similar as we do have Nortel!

btw: Jocks are only loud after 4 beers!