AD RMS, the black hole in Microsoft Licensing

Hello,
I have read the Product Use Rights from A to Z, I have searched the web everywhere, I have asked the Microsoft Partner Support and some local Microsoftees and I cannot find a single rule about AD RMS Licensing!
All I found is that AD RMS is an additive CAL to Windows Server. That means it is an additional product and doesn't have to be company-wide. Which means we need some rules to decide whether a user/device needs a CAL or not. But there isn't any!
Well to be honest, there is one rule, applying to Windows Server Essentials, a product I have never seen in production with AD RMS personally...
Even if we assume it is a mistake and that the "Windows Server Essentials" rule applies to Windows Server Standard and Datacenter, the licensing headache goes further ahead with AD RMS-aware applications, like Microsoft Office or Microsoft Exchange.
Licensing AD RMS with Office is somewhat covered by some TechNet articles, where we can guess that only the users/devices creating protected documents need Office Pro Plus licenses, while readers/reviewers can use Office Standard or Office Web Apps. Still, nothing is said about the underlying AD RMS CALs. Who needs some? Users creating, probably. But what about the others?
Licensing AD RMS with Exchange is much less documented, as I can only find a table saying some IPM features require the Exchange Enterprise CAL. But who needs the Enterprise CAL? The users creating the protected messages in Outlook? The users creating the transport rules in Exchange? All the users reading the protected messages? And again, nothing is said about the underlying AD RMS CALs.
Any help on those licensing topics would be much appreciated.
Thank you.
Gilles Messinger
SAM Consultant

Hi Gilles,
I am sorry, but it's not 100% clear what the center of your concerns is or what you are trying to do here. That said, I will try to answer you as best I can.
The licensing requirements for the ability to protect and consume content using AD RMS in AD RMS-aware applications under Windows operating systems are described in the following topic, AD RMS Client Requirements (http://technet.microsoft.com/en-us/library/dd772753(v=WS.10).aspx):
The Active Directory Rights Management Services (AD RMS) client is included with the Windows Vista®, Windows® 7, Windows Server® 2008, and Windows Server® 2008 R2 operating systems. If you are using Windows XP, Windows 2000, or Windows Server 2003 as your client operating system, a compatible version of the AD RMS client is available for download from the Microsoft Download Center Web site.
The AD RMS client can be used with the AD RMS server role included in Windows Server 2008 and Windows Server 2008 R2 or with previous versions of RMS running on Windows Server 2003.
I should also mention that the AD RMS Client is also included and supported for Windows 8 and the AD RMS server role is also available in Windows Server 2012 as well.
Licensing and the ability to protect and consume content using IRM features (which are typically enabled using an AD RMS deployment but can also use Windows Azure AD Rights Management) in other products such as Microsoft Office or Microsoft Exchange do require specific versions of those products. For more information, the following links may be helpful:
Support for IRM in Office
http://technet.microsoft.com/en-us/library/dd772650(v=WS.10).aspx
AD RMS and Microsoft Office Deployment Considerations
http://technet.microsoft.com/en-us/library/dd772697(WS.10).aspx
There is not an additional need to specifically license AD RMS for use in supporting IRM in Exchange. The specific requirements for deployment in Exchange are covered in the Exchange documentation:
http://technet.microsoft.com/en-us/library/dd638140.aspx#reqs
Also, this roadmap for implementing IRM features in Exchange may also be helpful to you:
http://social.technet.microsoft.com/wiki/contents/articles/1902.roadmap-for-implementing-irm-features-in-microsoft-exchange.aspx
Hope that helps,
Brad Mahugh
Microsoft Corporation
This post is provided "AS IS" and confers no promises of current or future technical support for a specific support issue. Please use Microsoft product support if you need a service commitment for your current support case or issue.

Similar Messages

  • Will we get The Black Hole soundtrack that is on the US iTunes in the UK???

    As usual the UK version of iTunes is way behind the US one. They seem to have a far better database of film music than the UK one. Will we be getting the Black Hole soundtrack that has recently been posted on the US store?

    Sorry, but we're all just your fellow users here and have no way of knowing what may or may not appear in a given country's iTunes Store. You can submit suggestions for the iTunes Music Store through the feedback page (make sure you clearly specify which country's iTunes Store you're referring to). Whether or not your suggestion will ever be acted upon will depend on a number of factors, some out of Apple's control (to start with, the artists and record companies have to be willing to license the tracks to Apple for your country), so don't expect instant action.
    Forum Tip: Since you're new here, you've probably not discovered the Search feature available on every Discussions page, but next time, it might save you time (and everyone else from having to answer the same question multiple times) if you search a couple of ways for a topic, both in the relevant forums, in the User Tips Library and in the Apple Knowledge Base before you post a question.
    Regards.

  • Native VLAN and the "Black Hole"

    While reviewing the configuration of a network that I'm supporting, it seems that the original design of the network has the black hole VLAN as the native VLAN.  At the least this seems incorrect, and possibly very dangerous, but I'm not exactly sure why or how to articulate that.  Can someone confirm or deny this suspicion?
    In addition, I had two further questions regarding the practice of using a black hole VLAN:
    1.  If you have any unused ports, it seems more practical to just admin down these ports instead of creating an unused VLAN.  Is there some added advantage to ALSO putting these ports in an unused VLAN (e.g. 999)?  If the port was needed, you can simply admin up the port, during which time you could also change any needed VLAN configurations.  In other words, you'd have to log into the device and make changes whether you went with the admin down method, the Black Hole VLAN method, or both.  So what's the point?
    2. Assuming you do use the Black Hole VLAN as an added security method, I feel that including that VLAN in the "switchport trunk allowed vlan" command is counterproductive, but I'm not fully able to articulate why.  Can someone help me with this?
    Thanks for any information or suggestions that you may have.

    Assuming you mean a vlan for unused ports when you refer to a black hole vlan. If so the key things are  -
    a) that vlan does not have a L3 vlan interface (SVI) for it as there is no need to route it
    b) any unused ports are shutdown
    if you follow the above then I can't see the danger in using the native vlan but I wouldn't do it regardless of that. I would have a dedicated native vlan and a separate vlan for unused ports.
    To  my mind there should be no ports allocated to the native vlan (other than trunk ports obviously).
    The benefit of using a dedicated vlan for unused ports is -
    a)  it provides an additional level of security. People make mistakes and having to do multiple things to enable a port requires more attention than simply doing a "no shut" on the interface.
    The more attention someone is paying the more likely they will get it right or at least the less likely they will make a mistake.
    b) if you don't use an unused vlan you are leaving all the ports in the default vlan which is vlan 1 and this should be avoided as this vlan is overused already eg. switch control plane traffic is sent on this vlan for example and often the switch management interfaces are in this vlan.
    As far as allowing the unused vlan on trunk links it is totally unnecessary and in fact you really don't want to do that. The idea of the unused vlan is for non communication so it would make no sense to allow it on trunk links.
    In my last place of work we used vlan 998 as the unused vlan and vlan 999 as the native vlan.
    Neither had an SVI for it.
    If by black hole vlan you meant something else then please clarify.
    Jon

  • A WEB ORDER TRANSACTION EATEN UP BY THE BLACK HOLE

    I'll spare you the pain of my two-day, five-hour experience of being shuttled around the globe via the HP phone-system-from-hell and just present a simple question: Is there anybody in HP who can find any information about the Recovery Disks order I paid for on-line?

    Sorry for contributing to an off topic post...but_zenny ends 2 days of agony with a nod of appreciation to his rescuer and  a bit of humor.
    KUDOS!

  • Inaccessible items - builder's black holes

    Hi folks,
    There are places in this splendid product where you just can't get what you need. The HTMLDB app itself has reports with an arbitrary maximum rows and no pagination. Hmm.
    So:
    1 - if you use a lot of app-level items (as I do, it's a non-trivial app), you cannot see them all in the Session popup. You CAN sort, so you can see the first few and the last few BUT you can't see the ones in the middle.
    2 - you can create a stacked bar chart with many series, BUT the Chart Series report region (page 232 of app 4000) only shows 15 rows. Without noticing this problem, I created a chart (which works fine) with 20 series, and I now need to modify series 16 - and I CAN'T!
    I can live with problem 1, but I don't see a workaround to problem 2 (other than hand-editing an export - v. dodgy).
    Please tell me that these whoopsies will be removed in the next release, and more pressingly, tell me if there's anything I can do about problem 2.
    Many thanks
    John D

    Sergio,
    Pleased to hear of the Metalink proposal.
    I can't really import my app - it's dependent on 4000+ database objects.
    To investigate the 'inaccessible' global items problem, try creating an app with (say) 100 application level items. Run a page and pop up the Session window and you'll see what I mean.
    It strikes me that good design principles for any app (the Builder included) would be:
    - except where there's a specific reason why not, all columns of any multi-row report region should be sortable;
    - except where there's a specific reason why not, any multi-row report region should be controlled by a Number Of Rows Item;
    - except where there's a specific reason why not, any multi-row report region should have either a pagination scheme (preferred) or MaxRowCount set to an improbably large number;
    Applying these principles to the Builder app would obviate the 'black hole' problem. Maybe they'll be applied in 2.0?
    As you'll know from previous posts I think HTMLDB is excellent. A few more tweaks (see below) and I'll run out of adjectives.
    Thanks,
    John
    Yet more wonderful:
    - renumber a page, with changes cascaded through all references (tricky I agree, but feasible)
    - copy a region AND its items from App A1 Page P1 to App A2 Page P2
    - define multiple application-level date-picker formats
    - define re-useable tree templates
    - define tree queries with normal SQL: i.e. START WITH <prior> IS NULL. At the moment, an HTMLDB tree needs a single root node, but SQL doesn't demand this and it's not real-world, so I have to create views to introduce a dummy root node.
    - drag and drop on tree nodes built in to tree functionality
    - define the button to be used for a File Browse item
    - enable multiple file selections with a single File Browse item
    - define a default template for Form items which applies itself by default to ALL form items
    - application-wide search (and maybe replace, even) of LOWER(<string>)
    - ... er, can't think right now...

  • Policy routing and black hole filtering on 6500

    I have a 6500 with many SVIs configured and every one with multiple IP addresses. The users are accessing the network through these SVIs. For access control I use the black hole filtering method by dynamically injecting static routes to Null 0 for every user that is not authenticated.
    But I need these users to reach one server to authenticate.
    Is there a way to do this besides putting the server inside every VLAN ? Something like policy routing all the packets to the server to exit the server interface and the response packets to reach the user bypassing the global routing table ? Maybe using a vrf for the server only ?
    Thanx.

    Dave Northampton UK here.
    We seem to have different consumer laws to US it seems?
    Here the RETAILER is wholly responsible for the goods he sells. If such a case as this arose there would be NO time limit of 15 days, if the goods were found not to be of "merchantable quality" the time factor would not matter, certainly up to a year!
    Certainly a retailer can take matters up with their supplier/manufacturer, but the CUSTOMER must get a new, working product PDQ or a total refund... IN CASH or put on a card, no credit notes or any other such swaddling!
    Of course! Many shops wriggle and tell people porkies but in the end that is da law!
    Dave.

  • Reactivation Black Hole

    You are now entering the reactivation black hole! Have spent the last 6 weeks trying to get my case resolved with no success.
    Summary
    1. Reactivation for Master Collection CS3 prompted reactivation. Reactivation failed. Called support and still failed with them as well.
    2. Sat on hold for 5 hours again and was told to de-install.
    3. De-install did not work and used cleaner at level 4 which allowed me to re-enter the serial number but also removed Acrobat professional and Director 11.5. Have also Production Premium on a second system as well. New activation only allows me to enter Production Premium serial with a check mark and not Master Collection which shows and X.
    4. Oh wait, where are the download installs for CS3. No longer available depending on when you purchased them.
    5. Running only a few programs with Production Premium serial as Master Collection serial is not recognized and does not work even though it is in my registered history with Adobe.
    6. I never asked to go through this reactivation process and was happy with CS3 till software stopped working and was forced to enter the black hole.
    7. From what I can tell there is no resolution possible here.
    8. Guess the only way out is to find a crack that will bypass this mess Adobe has created since they are unable to resolve this after 6 weeks and many hours on my part installing and reinstalling only some of the installs as not all are still available for CS3. I only use fully purchased software, however if this is the only way out is to crack it, well that is it, I give up.

    Hello Lance,
    I answered a query like this I think 2 days ago...
    So you want to filter traffic via the botnet feature (you will need to make sure the ASA has access to the internet of course so it can contact the Security Intelligence Servers).
    The ASA will drop the packets if they are spoofed and you have the RPF check on.
    If the traffic goes to nowhere the ASA of course will drop it (No route to host x.x.x.x).
    And if we receive a SYN-ACK where there has not been a SYN, traffic will be dropped due to the TCP inspection failure (unless you configure a TCP state bypass).
    Julio
    Remember to rate all of the helpful posts.
    For this community that's as important as a thanks.

  • Safari 5.1 in iMac OS X 10.6.8.Adding Bookmarks to "unsorted Bookmarks" folder puts them in a black hole.  I can't find the "UB" folder.  Where is it? Should I add it to the folder list somewhere on the left pane? OR? Help, please!

    It looks like the installation process of one of the applications has caused some trouble. One of them may have changed or added kext files.
    Because of that, the window server crashes if you try to open a non-Apple application like Firefox.
    Start the system in safe mode by holding the Shift key on power on.
    If safe mode is reached, perform a permissions repair with Disk Utility.
    Don't bother about upcoming warnings like "could not repair file xy", as they occur because you use the tool on a running system and opened files cannot be touched by the tool.
    After the repair is done, reboot the system normally and try to open Firefox.
    If the problem persists, please report back here.
    Lupunus

  • I purchased songs via my ipod touch.  when I sync'd my ipod touch with my computer, the songs I purchased disappeared into a black hole... how do I get them back without having to repurchase?

    On your iPod Touch, open the iTunes app. There should be tab named "purchased", which shows all your purchase history. Choose the "Not on this iPod" tab and you'll get a list of purchased products that are not on your device. Hope this helped.

  • TS2755 After 'upgrading' to iOS 7.0.2, I am unable to send or receive photos in iMessage. With the previous iOS, it was no problem.  Is there a fix?  Apple support is the usual 'black hole' that ***** up endless time.

    Apple guys are deleting posts. I have found my posts have been deleted. Apple MUST let us downgrade at least to the previous release from the current one, which was working fine.

  • How is it possible that the black ipad 2 64 gb is sold out in hole Sweden, Hong Kong, Shanghai, Boston and Memphis at the same time!?

    Because Apple can't get enough of them made to cover the demand, obviously. The iPad has been extremely popular and would probably be in short supply in any case, but the various disasters that have struck portions of the supply chain can't have made things any easier.
    Regards.

  • Vista won't boot, stays in the black loading "Microsoft" screen.

    Ok, I'll try to give you as much info as possible.
    So I was running Vista fine until it started to get extremely slow to boot, and eventually wouldn't boot at all. I erased the partition and tried to install it again. Even at the black loading screen on the installer disk after "Windows is configuring files" or whatever, the same would happen. So now I created a Boot Camp partition and used it to back up everything with Time Machine. Restored my Mac, updated everything, restored and erased the partition (btw each partition I made was 100 gig). Tried installing it again, STILL get the black screen. I also noticed that each time in the black screen, the green bars that would run across the box in the middle of the screen would eventually slow down if you waited long enough, as if some kind of lag was there after waiting awhile. Oh and right before Vista started acting weird, I installed a ton of programs I needed, but maybe one of them was a virus or something? But I don't think that matters because I erased my whole partition completely. I have tried everything I know, please help!

    Well, I have found the answer to my problem. It wasn't the CD drives, which I was almost certain it was. It is my video card:
    http://infopirate.org/new-vista-install
    If you look under similar entries also you will find more people experiencing the same problem, but this one I gave you is by far the most similar problem and reasonable solution I found. But now, my question is, what is the solution for me??? Do I have to schedule it for a repair in my local Mac store to swap the video cards (the one I have in is an ATI Radeon X1600), or can it be swapped at all??? Help, I really need to use Vista!!

  • Black Hole in Filesystem

    As in http://discussions.apple.com/thread.jspa?threadID=1957127&tstart=0 treated, I had the problem that Finder info shows the size of the Documents folder, while the tool WhatSize was showing 0 Bytes, before and after cloning the volume.
    Now I put the content of my Documents folder per drag and drop into a folder situated in another of my folders, and Finder info shows its size, WhatSize does not (0 Bytes); it seems I have copied a black hole the size of the content, compensating the size, or....
    It is not dangerous, but interesting.
    __ k.

    During the install procedure of a new version of WhatSize I saw the license is limited, free only up to 20GB. Maybe it was in my old version too, and I have forgotten this.....
    _________ best regards to the community, Karl

  • Unable to start Lync 2013 FE service on one of the pooled server, error "The evaluation period for Microsoft Lync Server 2013 has expired"

    Team,
    Unable to start the FE service on one of the FE servers; 2 Enterprise Lync 2013 pools, one FE in each pool. Only the following error in Event Viewer:
    Log Name:      Lync Server
    Source:        LS Server
    Date:          12/30/2013 12:10:55 PM
    Event ID:      12290
    Task Category: (1000)
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      ACS465-BH102.me.ykgw.net
    Description:
    The evaluation period has expired.
    The evaluation period for Microsoft Lync Server 2013  has expired. Please upgrade from the evaluation version to the fully licensed version of the product. Look at help for Setup.exe to learn how to upgrade from evaluation version to the licensed version.
    Cause: The evaluation period for Microsoft Lync Server 2013  has expired.
    Resolution:
    Please upgrade from the evaluation version to the licensed version of the product. Look at help for Setup.exe to learn how to upgrade from evaluation version to the licensed version.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="LS Server" />
        <EventID Qualifiers="50152">12290</EventID>
        <Level>2</Level>
        <Task>1000</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2013-12-30T09:10:55.000000000Z" />
        <EventRecordID>73953</EventRecordID>
        <Channel>Lync Server</Channel>
        <Computer>ACS465-BH102.me.ykgw.net</Computer>
        <Security />
      </System>
      <EventData>
      </EventData>
    </Event>
    Log Name:      System
    Source:        Schannel
    Date:          12/30/2013 12:13:36 PM
    Event ID:      36888
    Task Category: None
    Level:         Error
    Keywords:      
    User:          SYSTEM
    Computer:      ACS465-BH102.me.ykgw.net
    Description:
    The following fatal alert was generated: 10. The internal error state is 1203.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Schannel" Guid="{1F678132-5938-4686-9FDC-C8FF68F15C85}" />
        <EventID>36888</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8000000000000000</Keywords>
        <TimeCreated SystemTime="2013-12-30T09:13:36.779033200Z" />
        <EventRecordID>83985</EventRecordID>
        <Correlation />
        <Execution ProcessID="556" ThreadID="3668" />
        <Channel>System</Channel>
        <Computer>ACS465-BH102.me.ykgw.net</Computer>
        <Security UserID="S-1-5-18" />
      </System>
      <EventData>
        <Data Name="AlertDesc">10</Data>
        <Data Name="ErrorState">1203</Data>
      </EventData>
    </Event>
    Server is already on the full version, ran Reset-CsPoolRegistrarState for FullReset as well as ServiceReset.
    Followed the below as well:
    http://social.technet.microsoft.com/Forums/lync/en-US/2a7e27ce-2dea-4e37-91ea-1ed42e110198/issue-updating-from-eval-to-volume-licenses?forum=ocsplanningdeployment
    Currently done failover to another pool and users can log in,
    however I can't get the front end service up on this server. Any pointers would be appreciated.
    Praveen | MCSE Messaging 2003

    Rit, the command is not doing the trick since it's already the full version:
    PS C:\Users\lyncadmin> Get-CsServerVersion
    Microsoft Lync Server 2013 (5.0.8308.0): Volume license key installed.
    Only one server in one pool, total two pools.
    Lync 2013 is on Win 2008 R2, and the event in System I'm inclining to, since I have tried all:
    Log Name:      System
    Source:        Schannel
    Date:          12/30/2013 9:26:34 AM
    Event ID:      36888
    Task Category: None
    Level:         Error
    Keywords:      
    User:          SYSTEM
    Computer:      ACS465-BH102.me.ykgw.net
    Description:
    The following fatal alert was generated: 10. The internal error state is 1203.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Schannel" Guid="{1F678132-5938-4686-9FDC-C8FF68F15C85}" />
        <EventID>36888</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8000000000000000</Keywords>
        <TimeCreated SystemTime="2013-12-30T06:26:34.877077500Z" />
        <EventRecordID>64911</EventRecordID>
        <Correlation />
        <Execution ProcessID="556" ThreadID="620" />
        <Channel>System</Channel>
        <Computer>ACS465-BH102.me.ykgw.net</Computer>
        <Security UserID="S-1-5-18" />
      </System>
      <EventData>
        <Data Name="AlertDesc">10</Data>
        <Data Name="ErrorState">1203</Data>
      </EventData>
    </Event>
    Praveen | MCSE Messaging 2003

  • PMTU-D Black Hole Detection Missing?  Cause of some conn hangs.

    In looking through the kernel source, it appears that Apple has left out one of the most important parts of Path MTU Discovery (RFC1191) as suggested in RFC2923. Since Path MTU Discovery is enabled by default, this may cause some of you to have 15 minute hangs and ultimate termination of connections when large packets are sent to specific hosts.
    Other than DNS and Wireless network drops, MTU settings appear to be one of the single most problematic things going on with OS X right now.
    For those who are not familiar with MTU, here's a brief rundown.
    10/100 Ethernet networks support a base MTU of around 1514 bytes. This is the max number of bytes that a packet is able to be in order to get put on an Ethernet network (and be within spec). Gigabit Ethernet allows for larger, but we won't go into that.
    You're probably more used to hearing 1500, however, that is the MTU for IP (or the Ethernet payload) as the Ethernet header itself is 14 bytes.
    In that 1500 bytes, you have to fit your IP header, ICMP/TCP/UDP header, and any higher layer protocols and data, each layering on top of the next.
    |<--Ethernet (14 Bytes)--><--IP (20 Bytes)--><--TCP (20 Bytes)--><--Data (1460 Bytes)-->|
    So that is how things look on a local area network.
    Once the WAN comes into play, the Ethernet header is stripped off leaving only the IP packet and another header put in its place to get it over the next link. This process goes on and on and on until the packet finally reaches its destination.
    But here's the problem - what if there is ANOTHER layer between the Ethernet and IP stack?
    This is actually quite common and you're probably using it now. The protocol PPP over Ethernet (PPPoE) fits between the Ethernet header and the IP header and adds another 8 bytes to this packet size.
    So now we end up with:
    |<--Ethernet (14 Bytes)--><--PPPoE (8 Bytes)--><--IP (20 Bytes)--><--TCP (20 Bytes)--><--Data (1452 Bytes)-->|
    Notice that we now can't put as much data in this packet or we'll end up with a packet that is too big to fit on the Ethernet network.
    The PPPoE header will ultimately get taken off once the packet gets where it needs to go at your ISP, but there may be other 'tunnels' between you and your ultimate destination and continue to strip off space of how much data you can put into a packet.
    So how do you know how much data you can put into a packet when you don't own or know anything about the network between you and the destination?
    That's where Path MTU Discovery comes into play.
    It used to be that IP packets would be fragmented (split up) if a packet was too big to get put on the next network. This process of fragmentation causes overhead for both the router having to split up the packets and the receiving device that has to put them all back together again (and make sure they go in the right order).
    So in order to reduce this overhead and also ensure that you are always sending the largest packets possible from end to end, IP stacks started setting the 'Don't Fragment' bit in the IP header. This instructs routers to throw away the packet if it is too big when it gets there.
    When the packet gets thrown away due to it being too large, the router that throws it away also sends an ICMP packet (an IP diagnostics message) back to the sender telling it what the MTU is of the interface that couldn't take the packet. The sender can then re-calculate things based on that value and resend.
    This works great EXCEPT when there are firewalls in the way (or broken routers, which is less likely these days). Many firewalls will not allow these ICMP messages to go back to the sender. Therefore, your host never receives the message that it is supposed to reduce the size of the packet and keeps trying and trying for about 15 minutes until it finally dies.
    This is one reason why you may be seeing long hangs that ultimately end in termination of your connection.
    RFC2923 goes into some options to work past this issue.
    One way that this can be done, Windows Vista for instance does this, is for the system to keep an eye on how many max sized packets get retransmitted. After a certain number (let's say 5), the system assumes that it is not getting this ICMP notification and cuts the size of that packet in half so it can now get the data through - assuming that smaller packets are better than no packets getting sent.
    It may also (and does with Vista) temporarily disable the setting of the 'Don't Fragment' bit and allow the routers to just take care of things. So in Vista, you'll see the page stutter for a second, and then continue to load, where an OS X system will sit there and hang for 15 minutes.
    This is where OS X goes wrong. This behavior is called PMTU-D Black Hole Detection and does not appear to be in the IP stack for Leopard (and probably not previous releases).
    So what can you do?
    You have a few options, some of which I've already provided to a few folks (although without the mathematics so it's just a rough guess value).
    First, you can just disable PMTU-D. The command to do this is:
    sudo sysctl -w net.inet.tcp.pathmtudiscovery=0
    This is a 'quick fix' but does eliminate the benefits that PMTU-D provides.
    Second, you can calculate out what size MTU seems to work for you by working backwards and configure that on something within your control.
    If your home router supports it, that's a good place to reduce the MTU since it only comes into play when you're using your Internet connection and not when hosts within the same network talk to each other. So if you place the MTU of 1472 on your router and your host sends it a 1500 byte packet, it will send back the ICMP message telling you to reduce it down to 1472.
    If your router doesn't support it, you can reduce the MTU on your Mac's physical interface. This isn't always the best solution since you really should then reduce the MTU on each of your local systems or you could run into issues locally.
    The command to do this is:
    sudo ifconfig en1 mtu 1472
    To make this permanent for Ethernet, set it in the Network settings. For Airport, search the forums. I provided an update you can make to one of the preferences files manually to do this (don't remember what file right now).
    I have found a couple of sites (Washington Mutual's website for instance) that appear to have configuration issues internal to their network in which a device behind a firewall (possibly the web server, load balancer, or IPSec added) that may have an MTU less than 1500 set on it AND a firewall blocking ICMP packets from coming back. These sites will throw off your math since you can no longer assume a max size of 1500 for IP packets. In this specific case, you have to assume 1480.
    Third, you can adjust the MSS setting (Max Segment Size) in the kernel to a value that is 20 bytes smaller than what you would otherwise set the MTU to. This ensures that the TCP stack doesn't put more than that amount of data in any single packet (therefore, eliminating the MTU issue); however, this will not work for UDP.
    Finally, you can submit a bug report to let Apple know that PMTU-D Black Hole detection is something that we need.
    So what kind of impact does this have on performance?
    This will depend on what solution you choose, what the performance of your home router is, and the load on the various servers that have to potentially re-assemble the packets.
    That said, knocking things all the way down to 1400 bytes, I am able to still get at least 15 Mbps up and down stream over the Internet.
    If you have any questions on this post, please post and I'll do my best to respond. Hopefully this will help one more person resolve their performance issues with Leopard.
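The post above describes classic PMTU-D (router rejects an oversized DF packet and sends an ICMP hint) and the black hole detection that kicks in when a firewall eats that ICMP. The following simulation is an added example, not code from the post or from any OS; the path, the firewall flag and the 5-retransmit threshold are constructed to mirror the behaviour described.

```python
# Added example (not from the original forum post): a small simulation of
# Path MTU Discovery with and without black hole detection. The path is a
# constructed list of per-hop MTUs; icmp_blocked models a firewall dropping
# the ICMP "fragmentation needed" message before it reaches the sender.
# The numbers (1500, 1472, threshold of 5) are the post's or are assumed.

from dataclasses import dataclass, field


@dataclass
class Path:
    hop_mtus: list        # constructed example path, e.g. [1500, 1472, 1500]
    icmp_blocked: bool    # True: firewall eats the ICMP reply (black hole)

    def send(self, size):
        """Return ('ok', None) if the DF packet fits every hop, ('icmp', mtu)
        if a router rejected it and its ICMP reached us, or ('lost', None)
        if it was rejected but the ICMP was blocked."""
        for mtu in self.hop_mtus:
            if size > mtu:
                return ('lost', None) if self.icmp_blocked else ('icmp', mtu)
        return ('ok', None)


@dataclass
class Sender:
    mtu: int = 1500                  # starts by assuming a full Ethernet MTU
    black_hole_detection: bool = False
    max_retransmits: int = 5         # assumed threshold ("let's say 5")
    log: list = field(default_factory=list)   # (size, result) per attempt

    def deliver(self, path, max_attempts=20):
        """Try to get one max-sized packet through; return the number of
        attempts it took, or None if the sender gave up (the long hang)."""
        retransmits = 0
        for attempt in range(max_attempts):
            result, hint = path.send(self.mtu)
            self.log.append((self.mtu, result))
            if result == 'ok':
                return attempt + 1
            if result == 'icmp':
                self.mtu = hint          # classic PMTU-D: adopt the advertised MTU
                continue
            retransmits += 1             # silently lost: no hint to act on
            if self.black_hole_detection and retransmits >= self.max_retransmits:
                self.mtu //= 2           # Vista-style: assume a black hole, halve
                retransmits = 0
        return None
```

Run `Sender().deliver(Path([1500, 1472, 1500], icmp_blocked=True))` to see the Leopard-style outcome (None, every attempt lost) and `Sender(black_hole_detection=True)` to see the packet get through on the sixth attempt at half size.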

    Hi Karsten and thanks for the suggestion!
    I have exempted internal networks and can connect them via the VPN connection. I also got connectivity to the outside world with nat (outside,outside) and 'same-security-traffic permit intra-interface'.
    A question remains though. At the moment, all traffic gets out of the network through the 'outside' interface IP (.22). I'd rather use a dedicated address from the /29 on GigabitEthernet0/0. Is it possible to achieve that? To put it differently, I'd like to NAT the VPN range onto an address that is not the 'outside' interface, like I did in this statement, for instance:
    nat (v200,outside) source dynamic v200_private v200_public
    My other question is, whether the single NAT statement [nat (outside,outside) dynamic interface] is sufficient for VPN traffic and whether the original statement can be removed [nat (vpn,outside) source dynamic vpn_pool vpn_public].
    Thanks once again for the tips!
    R.
