Strange!!! Seems to be a MTU issue

Unanswered Question
Jan 28th, 2008

Hi all

I have some problem to establish a TS session between 2 desktops. I have 2 C831 with IPSec VPN between them and everything work fine. But if I take 2 C871 with the same settings, the session is not establish properly.

Here's my interface settings:


LAN (e0) : ip tcp adjust-mss 1380

VPN (tu0) : ip mtu 1436


LAN (vl1) : ip tcp adjust-mss 1380

VPN (tu0) : ip mtu 1436

The only difference is the LAN interface. I tought that maybe a VLAN header increase the packet size but it's not.

The only workarounds that I found is :

Set the ip tcp adjust-mss to 1330


Disable the hardware encryption,

Does anyone has already have that kind of issue ?

Thank you very much

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
ajagadee Mon, 01/28/2008 - 09:09

Have you tried pinging different packet size with the IPSEC Tunnel up between the 831's.

Unless its a software or hardware caveat, I would not disable hardware encryption. Depending upon what you have configured on the 831, the 831 CPU may be overwhelmed with encrypting/decrypting packets. So, I would give the "ip tcp adjust-mss" command a shot.



** Please rate all helpful posts **

netadmindetail Mon, 01/28/2008 - 12:00

I try this on 831 and on 871, but I reach the same packet size

ping [IP address of the remote node] -f -l [packet size]

At 1346 I can ping, but at 1347 (packet must be fragmented) on both devices.

What's the difference between those routers ?


This Discussion