Problem with Site to Site IPSec VPN using ADSL and PPPoE

Dec 3rd, 2007

I have an IPSec site-to-site VPN between a 2805 and an 1841. Both have fixed IPs, but the 1841 end uses an ADSL connection and PPPoE. The MTU that comes up on the Dialer0 interface is 1454.

I can get small packets through the Tunnel no problem (standard pings) but larger packets do not pass.

Any suggestions?

Correct Answer by ajagadee about 9 years 1 week ago

You can apply it on both. Below is a URL that explains the MTU issue and option in detail.

http://www.cisco.com/en/US/tech/tk827/tk369/technologies_white_paper09186a00800d6979.shtml

Regards,

Arul

** Please rate if it helps **

Overall Rating: 5 (2 ratings)
ajagadee Mon, 12/03/2007 - 07:35

Have you tried "ip tcp adjust-mss"?

Use the ip tcp adjust-mss command on the tunnel interfaces so that the router will reduce the TCP MSS value in the TCP SYN packet. This will help the two end hosts (the TCP sender and receiver) to use packets small enough so that PMTUD is not needed.

Let me know if it helps.

Regards,

Arul

sshantzcisco Mon, 12/03/2007 - 08:05

Thank you for your quick reply Arul:

I will give that a try when I am in the office tomorrow.

I connect to the ADSL Modem with FastEthernet0/1. Would I need to apply the ip tcp adjust-mss to the Ethernet interface, the Dialer Interface or both?

Thanks again

Steve

sshantzcisco Wed, 12/05/2007 - 04:16

Thank you very much Arul:

I have heard that the "magic" MTU for IPSec was 1300. I set the MSS to 1260 at each end. The largest packets I see from the non-PPPoE end on the remote network are 1300 bytes, which is what I expected.

The largest size packets I see from the PPPoE side are 1288. I figure that would be 8 bytes PPPoE overhead and the 20 byte Network Layer header.

In any case application traffic is going through the tunnel.

Steve
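The arithmetic behind the MSS choice discussed in this thread, as an added example that is not part of the original posts: it computes the on-the-wire size of an ESP tunnel-mode packet and the largest TCP MSS that fits the 1454-byte Dialer0 MTU. The thread does not name the transform set, so the two listed are assumptions, as are IPv4, no NAT-T, and no TCP options.

```python
import math

# Assumed transforms (not stated in the thread): IV, cipher block and ICV sizes in bytes.
TRANSFORMS = {
    "AES-CBC + HMAC-SHA1-96": {"iv": 16, "block": 16, "icv": 12},
    "3DES-CBC + HMAC-SHA1-96": {"iv": 8, "block": 8, "icv": 12},
}
OUTER_IP = 20      # new IPv4 header added by tunnel mode
ESP_HDR = 8        # SPI + sequence number
ESP_TRAILER = 2    # pad-length + next-header bytes, encrypted with the payload
TCP_IP_HDRS = 40   # inner IPv4 + TCP headers, no options (assumption)


def esp_packet_size(inner_len, t):
    """Outer packet size after ESP tunnel-mode encapsulation of an inner packet."""
    # Inner packet plus trailer is padded up to a whole number of cipher blocks.
    padded = math.ceil((inner_len + ESP_TRAILER) / t["block"]) * t["block"]
    return OUTER_IP + ESP_HDR + t["iv"] + padded + t["icv"]


def max_inner_packet(link_mtu, t):
    """Largest inner packet whose encapsulated form still fits in link_mtu."""
    fixed = OUTER_IP + ESP_HDR + t["iv"] + t["icv"]
    room = (link_mtu - fixed) // t["block"] * t["block"]
    return room - ESP_TRAILER


def max_mss(link_mtu, t):
    """Largest TCP MSS that avoids fragmentation of the encrypted packet."""
    return max_inner_packet(link_mtu, t) - TCP_IP_HDRS


def report(link_mtu, configured_mss):
    """For each assumed transform: (name, MSS ceiling, wire size, fits?)."""
    rows = []
    for name, t in TRANSFORMS.items():
        wire = esp_packet_size(configured_mss + TCP_IP_HDRS, t)
        rows.append((name, max_mss(link_mtu, t), wire, wire <= link_mtu))
    return rows


if __name__ == "__main__":
    # Values from the thread: Dialer0 MTU 1454, ip tcp adjust-mss 1260.
    for name, ceiling, wire, fits in report(1454, 1260):
        print(f"{name}: MSS ceiling {ceiling}, MSS 1260 -> {wire} bytes on the wire, fits={fits}")
```

Under these assumptions an MSS of 1260 leaves headroom below the 1454-byte MTU for either transform; enabling NAT-T or GRE would add further per-packet overhead and lower the ceiling.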
