ip tcp adjust-mss & mtu size

Unanswered Question
Jan 30th, 2010


i have a site to site vpn with possible mtu issues

i have configured the ip tcp adjust-mss 1300 command on both the lan side closest to the AD servers and on the interface facing the wan on my local router

the vpn doesn't start on the routers but on an attached hardware encryptor

there is another hardware encryptor on the remote site

i also have a route-map applied to the external/wan interface of my local router

route-map clear-DF permit 10
match ip address 150
set ip df 0

ACL 150 is  permit tcp any any

this has resolved lots of issues i was having with users trying to get authenticated internet access from the remote site across the vpn but i'm getting reports of problems adding new machines to the remote lan and with applying group policy

can someone advise

- should i set the mtu as well as configuring the ip tcp adjust-mss 1300 command

- are there any relevant config guides for a site to site vpn and using adjust-mss

i've attached a basic topology so hopefully it will help

thanks to anyone taking the time to read this or to reply

greatly appreciated

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)


This Discussion