25 Apr 07 20:30
This Juniper KB may help. If the MTU does work, there may be an Exchange predefined service. This is configured with the appropriate settings for Exchange, so I would add another rule and test. Are your Exchange users configured in cache mode? Keep me posted.
Steps to resolve:
1. Make sure flow, MTU, and MSS settings are fine-tuned to avoid fragmentation. The following settings have helped in a number of environments, but you may need to tune these settings differently for your environment.
set flow tcp-mss
unset flow tcp-syn-check
unset flow tcp-syn-check-in-tunnel
set flow all-tcp-mss 1350
set flow tcp-mss 1350
set flow max 1250
set flow path-mtu
2. Make sure the above settings match on both the local and remote IKE gateways using the 'get config | inc flow' or 'get flow' command.
3. If the above does not help, there may be an issue with the MS RPC communication. The Microsoft Exchange server communication uses the MSRPC protocol. If the clients performing the MS RPC communication are using a policy on the NetScreen with the ANY service, then upgrade to ScreenOS 5.3.0r4, or as a work-around configure the clients to use a policy with a specific service MS-RPC-ANY.
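
The comparison in step 2 can be scripted once the output of 'get config | inc flow' has been saved from each gateway. The following is an added example, not part of the original post or the Juniper KB; the two captures are constructed samples, and `parse_flow` and `diff_flow` are hypothetical helper names.

```python
# Added example: diff the flow settings captured from two ScreenOS gateways.
# Both captures below are constructed samples, not output from a real device.

LOCAL_CFG = """\
unset flow tcp-syn-check
unset flow tcp-syn-check-in-tunnel
set flow all-tcp-mss 1350
set flow tcp-mss 1350
set flow path-mtu
"""

REMOTE_CFG = """\
unset flow tcp-syn-check
set flow all-tcp-mss 1350
set flow tcp-mss 1400
set flow path-mtu
"""


def parse_flow(text):
    """Map each flow option to (verb, value) from 'set|unset flow <option> [value]' lines."""
    settings = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("set", "unset") or parts[1] != "flow":
            continue  # ignore anything that is not a flow line
        value = " ".join(parts[3:]) or None
        settings[parts[2]] = (parts[0], value)  # a later line overrides an earlier one
    return settings


def diff_flow(local_text, remote_text):
    """Return {option: (local, remote)} for every option that differs.

    None on one side means that gateway's capture did not list the option.
    """
    local, remote = parse_flow(local_text), parse_flow(remote_text)
    return {
        option: (local.get(option), remote.get(option))
        for option in sorted(set(local) | set(remote))
        if local.get(option) != remote.get(option)
    }


if __name__ == "__main__":
    for option, (loc, rem) in diff_flow(LOCAL_CFG, REMOTE_CFG).items():
        print(f"MISMATCH {option}: local={loc} remote={rem}")
```

An MSS mismatch like the one in the sample means one end of the tunnel still advertises segments the other end was tuned to avoid, so fragmentation can persist in one direction only.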