Hello everyone,
I am following this doc to send unencrypted data to an IDS over an L3 IP tunnel.
https://docs.netscaler.com/en-us/citrix-adc/current-release/content-inspection/intrusion-detection-system-for-l3
However, I see that the IDS device does not receive some of the packets. On further debugging, the packets which were dropped at NetScaler are of size >=1460 (MSS set on NetScaler).
Ideally, NetScaler should forward the packets to the IDS, as it is adding an additional 20 bytes for the IP tunnel. So if client or server packets are of 1460 bytes, then either NS should forward a packet of 1480 bytes to the IDS device, or it should break it into two packets (when dropFrag is disabled in the global iptunnel param).
Is there any additional config which I am missing?