Fragmentation

Unanswered Question
Sep 12th, 2008
User Badges:

I have 2 networks connected through a VPN from a PIX 525 to a PIX 525 and traffic that is over 1200 MTU is not traversing the tunnel. I have tried to set the PIX interfaces to 1200 MTU and permitting pre-encryption fragmentation but to no avail any thoughts???

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
suschoud Fri, 09/12/2008 - 11:46
User Badges:
  • Gold, 750 points or more

Is it the mtu or the mss ?



Please try this on both pix ( if they are running 7.x or 8.x code ) :




access-list http-list2 permit ip any any

class-map http-map1

match access-list http-list2

exit

tcp-map mss-map

exceed-mss allow

exit

policy-map global_policy

class http-map1

set connection advanced-options mss-map

exit

exit



Please rate if helps.



Regards,

Sushil

Actions

This Discussion