IP MTU on both IPsec /GRE VPN

Unanswered Question
Aug 12th, 2008

Can you share the best practice to configure the ip mtu setting on such a vpn connection? Thank you.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
ciscocow Tue, 08/12/2008 - 10:45

For GRE: The ip mtu command needs to be put on the GRE tunnel and the physical interface.

For IPSEC: It would be the physical interface as you do not have a logical interface in which to place that command.

Also do not forget to add the "ip tcp adjust-mss" command, or you will have alot of headaches.

drnteam Tue, 08/12/2008 - 21:14


I am using the IPSEC tunnel but enabled the IP mtu under tunnel. Is it a good practice to enable IP mtu under tunnel only. Also what exactly the "ip tcp adjust-mss" will do?

Please explain.

Thanks in advance.

pmpesha Wed, 08/13/2008 - 05:29

Thank you ciscocow. I do have tihe ip mtu configured on my GRE tunnels, with the ip tcp adjust-mass. Mu Ipsec interfaces hare using the defalut value (1500), I do not have the ip tcp adjust-mass configured. When I do perform the test on my IPsec interfaces I do get an error about failing MTU size and Do not Fragment bit, any ideas?


This Discussion