Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1489
Views
0
Helpful
3
Replies

ip tcp adjust-mss & mtu

mulhollandm
Level 1
Level 1

‎01-30-2010 03:51 PM

folks

i have a vpn between two hardware serial encryptors and i'm having a few active directory issues which i suspect are mtu related, i.e. group policy donesn't always apply

i'm looking some advice on using the ip tcp adjust-mss command and and mtu command

can anyone recommend a guide to me please?

i'm attaching a topology in the hope it will jog someone's memory and i can add some relevant config if it helps

thanks to anyone taking the time to read this or reply

Labels:
Preview file
17 KB
0 Helpful
3 Replies 3

james.bastnagel
Level 1
Level 1

‎01-30-2010 09:49 PM

Mulholland,

What would lead you to believe that this issue is TCP-MSS or MTU related? In

my experience if it were related to that, then group policy would not apply

consistently and there would be a lot more issues than only GPO's not

applying.

Here is a pretty straight forward guide to finding the MTU you should be

using. http://www.howtonetworking.com/VPN/mtu4.htm

<>Also, rather than changing the

MTU or MSS on your entire network, you may try adjusting the window size or

MTU on one or two client devices to see if that alleviates any of the issues

you are seeing--and be sure thats it before you change those settings on a

router...

Additionally, if you can run a packet capture on a device that is having

connectivity issues and you see a huge number of duplicate acks--or tcp

packets with the same sequence number then that would lean towards an MTU

issue. Wireshark has pretty good built in analysis for this type of thing.

I hope this helps. Let us know how it works out.

On Sat, Jan 30, 2010 at 3:51 PM, mulhollandm <

0 Helpful

mulhollandm
Level 1
Level 1
In response to james.bastnagel

‎01-31-2010 04:01 AM

james

i suspect its mtu size as we already patched one of the remote hosts with a MS patch and this resolved the issue but i'll have different users drifting in & out of this lan so i need a solution that will affect all users

i configured the tcp mss command some time ago and it sorted out other mtu issues but i'm led to believe the AD sends a number of large packets for machine joining a domain but i need to read up a bit more on this

thanks

0 Helpful

pudawat
Level 1
Level 1

‎01-31-2010 09:15 AM

HI This is Cisco's Guide for TCP adjust-mss & mtu on IOS Router:

http://www.cisco.com/en/US/docs/ios/12_2sb/12_2sba/feature/guide/sb_admss.html

Thanks,

Pradhuman

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents