Unanswered Question
Sep 18th, 2009

How is it possible that a router sends 1448 bytes of FTP data (frame size is 1514) but does not send 1394 bytes of FTP data (frame size is 1460) over an IPsec tunnel? The router sends an ICMP destination unreachable message to the source. The IPsec tunnel MTU is 1476.

Any idea about allowing ICMP destination unreachable messages on Windows Firewall?

tmsundar81 Fri, 09/18/2009 - 05:33


How do I reduce the size of the MTU in the system? Guidance please.

tmsundar81 Mon, 09/21/2009 - 07:02

How is it possible that the router sends a 1512 frame over the IPsec tunnel (tunnel MTU is 1476) and does not send a 1460 bytes frame over the same tunnel?

tmsundar81 Mon, 09/21/2009 - 07:09


Both systems use the same application; the only difference is that they are located in different geographical locations.

tmsundar81 Mon, 09/21/2009 - 07:15

The DF bit is set in both cases.

How do I check the MTU of the NIC card?

MSS is negotiated to 1460

If that is indeed the case - then I am very surprised that it works at all.

If the DF bit is set, and the overall packet size is bigger than the MTU of the tunnel, the router will drop it and send an ICMP "fragmentation required" message.

When you perform a packet capture on the end devices, do you see this?

Download and install the below; this will tell you the NIC MTU size and allow you to change it.

tmsundar81 Mon, 09/21/2009 - 08:15

I have location A and location B; the problem is in location A.

The destination for both locations is the same.

The last hop is the same for both locations (IPsec tunnel).

Location A : source ip and destination is

Location B : source ip and destination is

router ip with ipsec tunnel :

tmsundar81 Mon, 09/21/2009 - 10:45

Did you get the chance to look at the capture? Any idea about this behavior?

tmsundar81 Tue, 09/22/2009 - 03:42

In location B the FTP data size is 1448 and the corresponding frame size is 1512, and this happily passes through the tunnel. At the same time, in location A the FTP data size is 1394 and the corresponding frame size is 1460, and this does not pass through the tunnel. This is strange.

The tunnel terminates on the router.
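
The behaviour described in the reply above (DF set, packet larger than the tunnel MTU, router answers with ICMP "fragmentation required") can be checked in a capture by decoding the ICMP type 3 / code 4 message. This is an added example, not part of the original thread: the function names are hypothetical, the addresses are constructed from documentation ranges, and the sample assumes a 1500-byte IPv4 packet (the 1514-byte Ethernet frame minus its 14-byte header) hitting the 1476-byte tunnel MTU quoted in the thread.

```python
import socket
import struct

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum; returns 0 when run over a valid message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_sample(mtu=1476, ip_len=1500):
    """Constructed sample: the ICMP error a router emits for a DF packet of ip_len bytes."""
    src, dst = socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.20")
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, ip_len, 0x1234, 0x4000, 127, 6, 0, src, dst)
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    body = ip + struct.pack("!HHI", 20, 50000, 1)  # first 8 bytes of the TCP header
    icmp = struct.pack("!BBHHH", 3, 4, 0, 0, mtu) + body
    return icmp[:2] + struct.pack("!H", checksum(icmp)) + icmp[4:]

def parse_frag_needed(icmp: bytes):
    """Decode ICMP type 3 / code 4 (RFC 792, RFC 1191); None for anything else."""
    if len(icmp) < 28:
        return None
    icmp_type, code, _csum, _unused, next_hop_mtu = struct.unpack("!BBHHH", icmp[:8])
    if (icmp_type, code) != (3, 4) or checksum(icmp) != 0:
        return None
    _v, _tos, ip_len, _id, flags, _ttl, proto, _c, src, dst = struct.unpack("!BBHHHBBH4s4s", icmp[8:28])
    return {
        "next_hop_mtu": next_hop_mtu,        # MTU the router could not exceed
        "orig_len": ip_len,                  # total length of the dropped packet
        "over_by": ip_len - next_hop_mtu,    # bytes the packet was too large by
        "df": bool(flags & 0x4000),          # Don't Fragment bit of the dropped packet
        "proto": proto,
        "src": socket.inet_ntoa(src),
        "dst": socket.inet_ntoa(dst),
        # Assumption: IPv4 and TCP headers without options (20 + 20 bytes)
        "max_mss": next_hop_mtu - 40,
    }

if __name__ == "__main__":
    print(parse_frag_needed(build_sample()))
```

If the sending host never receives this message (for example because a host firewall filters ICMP destination unreachable), it keeps retransmitting the oversized segment and the transfer stalls.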

