Test MTU Size Over IPSEC Tunnel

Answered Question
Aug 17th, 2010

How can I test the MTU size going over an IPSEC tunnel from an ASA 5520 to an ASA 5510? I am having concerns that the issues with my equipment are due to insufficient MTU size.

Correct Answer by manish arora about 6 years 3 months ago

You can use extended ping to see the size of packet that you can send over the tunnel with the DF bit set (do not fragment). For example:

If you have two Windows machines, one on each side of the VPN, with IP addresses 10.2.2.10 and 10.3.3.10, ping from 10.2.2.10 using:

ping 10.3.3.10

reply success

ping 10.3.3.10 -l 1500 -f  { where -l 1500 sets the MTU to 1500 and -f says do not fragment }

packet needs to be fragmentated but df set

packet needs to be fragmentated but df set

ping 10.3.3.10 -l 1300 -f

packets needs fragmentation but df set

ping 10.3.3.10 -l 1270 -f

reply success

reply success

thanks

manish

manish arora Tue, 08/17/2010 - 10:11
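
The manual step-down in the answer above can be automated as a binary search. This is an added example, not part of the original answer; the function names are hypothetical, and it assumes ping output that contains a `TTL=` field and, on non-Windows hosts, Linux iputils flags. The value given to `-l` (or `-s`) is the ICMP payload size, so the IP packet entering the tunnel is 28 bytes larger.

```python
import platform
import subprocess

ICMP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP header


def ping_df(host, payload):
    """Send one echo request with DF set; True if an echo reply came back."""
    if platform.system() == "Windows":
        cmd = ["ping", "-n", "1", "-w", "2000", "-f", "-l", str(payload), host]
    else:  # assumption: Linux iputils ping
        cmd = ["ping", "-c", "1", "-W", "2", "-M", "do", "-s", str(payload), host]
    out = subprocess.run(cmd, capture_output=True, text=True)
    # Windows ping can exit 0 on an ICMP error, so also require a TTL field.
    return out.returncode == 0 and "ttl=" in out.stdout.lower()


def max_df_payload(probe, low=0, high=1472):
    """Binary-search the largest payload in [low, high] for which probe(size)
    is True. Returns None if even `low` fails (no connectivity at all)."""
    if not probe(low):
        return None
    if probe(high):
        return high
    # Invariant: probe(low) is True and probe(high) is False.
    while high - low > 1:
        mid = (low + high) // 2
        if probe(mid):
            low = mid
        else:
            high = mid
    return low


def report(host, probe=None):
    """Return the largest DF-safe payload and the matching IP packet size."""
    probe = probe or (lambda size: ping_df(host, size))
    payload = max_df_payload(probe)
    if payload is None:
        return None
    return {"payload": payload, "ip_packet": payload + ICMP_OVERHEAD}


if __name__ == "__main__":
    # 10.3.3.10 is the far-side host from the answer above.
    print(report("10.3.3.10"))
```

The search starts at 1472 because that payload fills a standard 1500-byte Ethernet MTU; run it from a host behind one ASA against a host behind the other so the probes actually traverse the tunnel.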
