Giuseppe Larosa Tue, 09/01/2009 - 09:24
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Meenakshi,


this is a sign of MTU problems you may need to reduce the mtu on client lan side for example:


int vlan 100

ip mtu 1480


Is this an MPLS scenario, are you using PPPoE, ipsec?

how much to decrease the mtu depends on your network scenario


Hope to help

Giuseppe


tmsundar81 Tue, 09/01/2009 - 10:07
User Badges:

Here is the scenario

I have a system A -> layer2 switch1 -> layer3 switch2 -layer3 switch3 -> router1 -> router2 -> internet ---- remote location


I get the message from router1 which is configured for ipsec towards client, the beauty is, the frame size is 1460 which gives this error and at the same time I have another frame size of 1514 which passes through the same ipsec tunnel… the MTU on the interfaces all the way are 1500..


Giuseppe Larosa Tue, 09/01/2009 - 10:27
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Meenakshi,


the 1514 byte size packet is fragmented by packet originator device.

the 1460 bytes is sent in a single packet by packet originator device.

During its travel in the network it reaches a device that adds overhead (IPSec likely) and a need to fragment arises.


see


http://www.cisco.com/en/US/tech/tk827/tk369/technologies_white_paper09186a00800d6979.shtml


Hope to help

Giuseppe

tmsundar81 Tue, 09/01/2009 - 10:47
User Badges:

Hi

I have attached two file working and not working


look for source 161.228.80.77 and destination 152.144.253.61 in working file


look for source 152.144.175.35 and destination 152.144.253.61 in not working file


i believe no fragmentation is done..



Attachment: 

Actions

This Discussion