Problems sending large packets through IPSec tunnel

Unanswered Question

We currently have a IPSec tunnel between a pix 515 in our main office and a 2801 router at our branch office. The tunnel appears to be having fragmentation issues (problems sending large packets through our network), which is causing several of our programs not to work. We have set the MTU size on the outside interface of the PIX to 1400 bytes and we have set the TCP MTU path discovery on the 2801 router. Does the PIX 515 OS ver 6.3 utilize frag guard or some other feature that could be causing this problem?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
krishnakomiti Wed, 08/08/2007 - 21:41


Use this command on existing router interface "crypto ipsec fragmentation before-encryption" and pix side "crypto ipsec fragmentation before-encryption outside". I hope this will hep for your problem and fragmentaion issue will not show you.

lgginever Wed, 08/08/2007 - 21:43

have a look at this url - it will probably solve your problem:

I have had success in the past clearing the DF bit before in a situation when decreasing the MTU didn't work (due to the icmp path back to the server being blocked as described in the article).


This Discussion