01-30-2010 04:11 PM - edited 03-04-2019 07:21 AM
folks
i have a site to site vpn with possible mtu issues
i have configured the ip tcp adjust-mss 1300 command on both the lan side closest to the AD servers and on the interface facing the wan on my local router
the vpn doesn't start on the routers but on an attached hardware encryptor
there is another hardware encryptor on the remote site
i also have a route-map applied to the external/wan interface of my local router
route-map clear-DF permit 10
match ip address 150
set ip df 0
ACL 150 is permit tcp any any
this has resolved lots of issues i was having with users trying to get authenticated internet access from the remote site across the vpn but i'm getting reports of problems adding new machines to the remote lan and with applying group policy
can someone advise
- should i set the mtu as well as configuring the ip tcp adjust-mss 1300 command
- are there any relevant config guides for a site to site vpn and using adjust-mss
i've attached a basic topology so hopefully it will help
thanks to anyone taking the time to read this or to reply
greatly appreciated
01-30-2010 06:30 PM
Hi
Are you using type-1 encryption devices?
Reza
01-31-2010 04:04 AM
reza
it is a type-1 box, tamper resistant etc
thanks
02-02-2010 05:21 AM
Hi,
this might help a little:
http://www.cisco.com/en/US/tech/tk827/tk369/technologies_white_paper09186a00800d6979.shtml
What are your current problems in details?
HTH,
Milan
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: