Possible MTU issue

Unanswered Question
Sep 25th, 2007

I have a LWAPP tunnel running through a PIX to PIX VPN tunnel. Max frame sizes trying to get across the LWAPP tunnel get dropped. How do I force the PIXs to fragment?

didyap Mon, 10/01/2007 - 10:34

You cannot force the PIX to fragment packets; however, you can increase the MTU size on the PIX using the command "sysopt connection tcpmss".

I have the same problem: LWAPP packets that are fragmented get dropped as long as they are inside the IPSec tunnel. The LWAPP packet is a UDP protocol packet.

How do we use the "sysopt connection tcpmss" to get the PIX to forward these fragments?

The fragments are set with the DF bit. The first fragment is 1476 bytes, and this is less than the standard MTU on the PIX IPsec tunnel but larger than the MTU minus IPSec overhead. I've tried to increase the MTU in the PIX VPN tunnel, but with no good result.
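
An added example, not part of the thread and not from any poster: it estimates the size of the 1476-byte fragment after ESP tunnel-mode encapsulation and checks it against a 1500-byte path MTU. The two transforms (3DES-CBC or AES-CBC with HMAC-SHA1-96), the 1500-byte MTU and the absence of NAT-T are assumptions; the thread does not say what the tunnel uses.

```python
from dataclasses import dataclass

OUTER_IP = 20     # outer IPv4 header without options
ESP_HEADER = 8    # SPI (4 bytes) + sequence number (4 bytes)
ESP_TRAILER = 2   # pad-length byte + next-header byte


@dataclass(frozen=True)
class Transform:
    name: str
    block: int    # cipher block size in bytes (ESP pads up to this)
    iv: int       # IV carried in every packet
    icv: int      # truncated integrity check value


# Assumed transforms; the thread does not name the ones in use.
TDES_SHA1 = Transform("3DES-CBC + HMAC-SHA1-96", block=8, iv=8, icv=12)
AES_SHA1 = Transform("AES-CBC + HMAC-SHA1-96", block=16, iv=16, icv=12)


def esp_packet_size(inner_len: int, t: Transform) -> int:
    """Outer packet size for one inner IP packet in ESP tunnel mode."""
    plaintext = inner_len + ESP_TRAILER
    padded = -(-plaintext // t.block) * t.block   # round up to a full block
    return OUTER_IP + ESP_HEADER + t.iv + padded + t.icv


def max_inner_packet(path_mtu: int, t: Transform) -> int:
    """Largest inner packet that still fits the path MTU once encapsulated."""
    room = path_mtu - OUTER_IP - ESP_HEADER - t.iv - t.icv
    return (room // t.block) * t.block - ESP_TRAILER


def verdict(inner_len: int, df_set: bool, path_mtu: int, t: Transform) -> str:
    """What happens to the packet at the tunnel endpoint."""
    if esp_packet_size(inner_len, t) <= path_mtu:
        return "fits"
    return "too big, DF forbids fragmentation" if df_set else "must be fragmented"


if __name__ == "__main__":
    for t in (TDES_SHA1, AES_SHA1):
        size = esp_packet_size(1476, t)   # 1476 = first fragment size from the thread
        print(f"{t.name}: 1476 -> {size} bytes, {verdict(1476, True, 1500, t)}; "
              f"largest inner packet that fits: {max_inner_packet(1500, t)}")
```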

