cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
383
Views
0
Helpful
3
Replies

GRE/IPSec Tunnel Help!!!

dhopper82
Level 1
Level 1

We have some routers that are going over a GRE tunnel and have IPSec encryption. THis is done over a 3G line. We were experiencing problems with certain applications being slow and changed the mtu size from 1514 to 1420. This improved the connection to our applications but now they are having issues getting to certain internet sites. Has anyone seen this issue before? Is there a fix to it?

This is our tunnel config...

interface Tunnel0

ip address 10.10.5.6 255.255.255.252

ip tcp adjust-mss 1420

tunnel source Cellular0/1/0

tunnel destination 68.16.91.195

tunnel path-mtu-discovery

!

3 Replies 3

Peter Paluch
Cisco Employee
Cisco Employee

Hello,

Can you be more specific about the "issues getting to certain internet sites"? Do you suspect your packets getting lost? Is the connection still slow? Can you perhaps identify some technical issue that you believe to be related to the cause of your problem?

Best regards,

Peter

Brent Rockburn
Level 2
Level 2

ip tcp adjust-mss 1360

On the Cellular0/1/0 interface.

I had a similar issue and this helped.

Giuseppe Larosa
Hall of Fame
Hall of Fame

Hello Dennis,

I agree with Brent you need to reduce further TCP MSS 1420 doesn't reflect all your encapsulation overheads (GRE 24 Bytes and IPSEC (variable depending if using tunnel mode or not) and 40 bytes IPv4 + TCP headers)

Hope to help

Giuseppe

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: