FTP over IPsec

Unanswered Question
Mar 1st, 2008
User Badges:

Dear All,


I am facing a slow response issue when using FTP over IPSec tunnel between Branch office Router and CO router

If I do FTP without IPsec then it works fine.


Please suggest.


Thanks,

Shailendra


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Joseph W. Doherty Sun, 03/02/2008 - 10:24
User Badges:
  • Super Bronze, 10000 points or more

Possibly due to reduction of MTU when FTP is encapsulated within IPSec. If able, and if not already doing so, might try "ip tcp adjust-mss" with appropriate value to avoid fragmentation.

Marvin Rhoads Mon, 07/15/2013 - 21:06
User Badges:
  • Super Silver, 17500 points or more
  • Cisco Designated VIP,

    2017 Firewalling, Network Management, VPN

There are a couple of good articles on the details of why this is often advisable on VPN-based links.


Cisco article

Packetlife article


Both are pretty old but the underlying technology is even older.


The basic setting is an interface configuration mode setting as follows:


int  
ip tcp adjust-mss 1460

Actions

This Discussion