cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4302
Views
0
Helpful
1
Replies

Test MTU Size Over IPSEC Tunnel

jtmullis82
Level 1
Level 1

How can I test the MTU size going over a IPSEC tunnel from a ASA 5520 to a ASA 5510? I am having concerns that the issues with my equipment are due to insufficient MTU size.

1 Accepted Solution

Accepted Solutions

manish arora
Level 6
Level 6

You can use extended ping to see the size of packet that you can send over the tunnel with DF bit

set do not fragment. for ex :-

if you have two windows machines , one on each side of the vpn with ip add 10.2.2.10 and 10.3.3.10.

ping from 10.2.2.10 using :-

ping 10.3.3.10

reply success

ping 10.3.3.10 -l 1500 -f  { where -l 1500 sets the MTU to 1500 and -f says do not fragment }

packet needs to be fragmentated but df set

packet needs to be fragmentated but df set

ping 10.3.3.10 -l 1300 -f

packets needs fragmentation but df set

ping 10.3.3.10 -l 1270 -f

reply success

reply success

thanks

manish

View solution in original post

1 Reply 1

manish arora
Level 6
Level 6

You can use extended ping to see the size of packet that you can send over the tunnel with DF bit

set do not fragment. for ex :-

if you have two windows machines , one on each side of the vpn with ip add 10.2.2.10 and 10.3.3.10.

ping from 10.2.2.10 using :-

ping 10.3.3.10

reply success

ping 10.3.3.10 -l 1500 -f  { where -l 1500 sets the MTU to 1500 and -f says do not fragment }

packet needs to be fragmentated but df set

packet needs to be fragmentated but df set

ping 10.3.3.10 -l 1300 -f

packets needs fragmentation but df set

ping 10.3.3.10 -l 1270 -f

reply success

reply success

thanks

manish

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: