
Problem with Site to Site IPSec VPN using ADSL and PPPoE

sshantzcisco
Level 1

I have an IPSec site-to-site VPN between a 2805 and an 1841. Both have fixed IPs, but the 1841 end uses an ADSL connection and PPPoE. The MTU that comes up on the Dialer0 interface is 1454.

I can get small packets through the Tunnel no problem (standard pings) but larger packets do not pass.

Any suggestions?


ajagadee
Cisco Employee

Have you tried "ip tcp adjust-mss"?

Use the ip tcp adjust-mss command on the tunnel interfaces so that the router will reduce the TCP MSS value in the TCP SYN packet. This will help the two end hosts (the TCP sender and receiver) to use packets small enough so that PMTUD is not needed.

Let me know if it helps.

Regards,

Arul

Thank you for your quick reply Arul:

I will give that a try when I am in the office tomorrow.

I connect to the ADSL Modem with FastEthernet0/1. Would I need to apply the ip tcp adjust-mss to the Ethernet interface, the Dialer Interface or both?

thanks again

Steve

You can apply it on both. Below is a URL that explains the MTU issue and options in detail.

http://www.cisco.com/en/US/tech/tk827/tk369/technologies_white_paper09186a00800d6979.shtml

Regards,

Arul

** Please rate if it helps **

Thank you very much Arul:

I have heard that the "magic" MTU for IPSec was 1300. I set the MSS to 1260 at each end. The largest packets I see from the non-PPPoE end on the remote network are 1300 bytes, which is what I expected.

The largest size packets I see from the PPPoE side are 1288. I figure that would be 8 bytes PPPoE overhead and the 20 byte Network Layer header.

In any case application traffic is going through the tunnel.

Steve
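
The size arithmetic behind the MSS values discussed in this thread, as an added example that is not part of the original posts: it computes ESP tunnel-mode overhead against the 1454-byte Dialer0 MTU and the largest TCP MSS that avoids fragmentation. The transform sets, the NAT-T option and all function names are assumptions, since the thread does not say which ciphers the tunnel uses.

```python
# Added example: ESP tunnel-mode size arithmetic for a 1454-byte PPPoE link MTU.
# Cipher parameters are assumptions; the thread does not state the transform set.
from dataclasses import dataclass

IP_HDR = 20        # IPv4 header without options
TCP_HDR = 20       # TCP header without options
ESP_HDR = 8        # SPI (4) + sequence number (4)
ESP_TRAILER = 2    # pad length (1) + next header (1)
NAT_T_UDP = 8      # UDP header added when NAT traversal is in use


@dataclass(frozen=True)
class Transform:
    name: str
    block: int     # cipher block size; ESP payload is padded to a multiple of it
    iv: int        # IV bytes carried in every packet
    icv: int       # truncated integrity check value (12 for HMAC-SHA1-96)


AES_CBC_SHA1 = Transform("esp-aes esp-sha-hmac", block=16, iv=16, icv=12)
TDES_SHA1 = Transform("esp-3des esp-sha-hmac", block=8, iv=8, icv=12)


def _fixed_overhead(t, nat_t):
    return IP_HDR + (NAT_T_UDP if nat_t else 0) + ESP_HDR + t.iv + t.icv


def esp_packet_size(inner_len, t, nat_t=False):
    """Size of the outer IPv4 packet after encapsulating an inner packet."""
    padded = -(-(inner_len + ESP_TRAILER) // t.block) * t.block  # round up
    return _fixed_overhead(t, nat_t) + padded


def max_inner_packet(link_mtu, t, nat_t=False):
    """Largest inner IP packet whose ESP form still fits in link_mtu."""
    room = (link_mtu - _fixed_overhead(t, nat_t)) // t.block * t.block
    return room - ESP_TRAILER


def max_mss(link_mtu, t, nat_t=False):
    """Largest TCP MSS that never needs fragmentation or PMTUD on the path."""
    return max_inner_packet(link_mtu, t, nat_t) - IP_HDR - TCP_HDR


if __name__ == "__main__":
    mtu = 1454  # Dialer0 MTU from the first post
    for t in (AES_CBC_SHA1, TDES_SHA1):
        print(f"{t.name}: max inner packet {max_inner_packet(mtu, t)}, "
              f"max MSS {max_mss(mtu, t)}, "
              f"1300-byte packet becomes {esp_packet_size(1300, t)} on the wire")
```

Under these assumed transforms, an MSS of 1260 (1300-byte inner packets) leaves headroom below the 1454-byte limit.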