MTU Lan2Lan VPN

Unanswered Question
Sep 9th, 2008
User Badges:

Hi,


we run a software package over a lan2lan vpn. if we run this package over a cisco vpn lan2lan it does not work but if we break out locally over the internet instead of over the lan2lan it does work.


has anyone had issues with mtu sizes over a vpn tunnel (lan2lan not remote access).



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
singhsaju Tue, 09/09/2008 - 12:41
User Badges:
  • Silver, 250 points or more

Yes it is possible there is fragmentation issue over the tunnel if you can ping between the hosts over vpn tunnel without any problems.

You may have to adjust TCP MSS value on vpn end devices .

Try to adjust TCP MSS value on PIX if your vpn end device is PIX .

sysopt connection tcp-mss MSS_size_in_bytes

example : sysopt connection tcp-mss 1360


You can also find the exact size for your connection using extended ping utility from your workstation as explained in following link .

For PIX and router( as vpn end devices) use following link

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008081e621.shtml#Issues


For ASA

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00804c8b9f.shtml



HTH

Saju

Pls rate if it helps

cmelbourne Tue, 09/09/2008 - 12:50
User Badges:

hey.


we are using cisco 2800 at one head with ethernet broadband (mtu 1500) and the other end is a 1841 with adsl card (mtu is i think 1400 or 13xx not sure). anyway the mtu is not the same on both routers but have the correct mtu tcp adjuss mss in each.


would this make a big difference if the mtu is different on either end of the link?



Actions

This Discussion