Fragmentation

Unanswered Question
Sep 12th, 2008

I have 2 networks connected through a VPN from a PIX 525 to a PIX 525 and traffic that is over 1200 MTU is not traversing the tunnel. I have tried to set the PIX interfaces to 1200 MTU and permitting pre-encryption fragmentation but to no avail any thoughts???

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
suschoud Fri, 09/12/2008 - 11:46

Is it the mtu or the mss ?

Please try this on both pix ( if they are running 7.x or 8.x code ) :

access-list http-list2 permit ip any any

class-map http-map1

match access-list http-list2

exit

tcp-map mss-map

exceed-mss allow

exit

policy-map global_policy

class http-map1

set connection advanced-options mss-map

exit

exit

Please rate if helps.

Regards,

Sushil

Actions

This Discussion