Large certificates or UDP fragmentation can cause IKE negotiation to fail on RHEL 6
Issue
IPsec connections cannot be established if the client is behind a device that rejects fragmented UDP packets and large X.509 certificates (>1024 bits) are used for authentication. This issue can also be seen on very poor-quality, lossy connections.
Environment
Red Hat Enterprise Linux (RHEL) 6