Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Trying to find the highest possible MTU

Unanswered Question
Apr 26th, 2002
User Badges:


I try to find out, wich is the highest possible MTU. So I send a PING -L XXXX -F to the Pix outside, from outside. XXXX is standing for the bytes.

PING xxx.xxx.xxx.xxx -L 992 (and lower) -F

I got a reply

PING xxx.xxx.xxx.xxx -L 993 (up to1472) -F

the ping timed out

PING xxx.xxx.xxx.xxx -L 1473 (and higher) -F

Fragmentation is needed

I don't understand, why it timed out between 993 an 1472.

If i try the same to a router (same internet connection), the ping works up to 1472, with no time out. Upeer 1472 I get the fragmentation message.

Have enyone an answer?


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
thomas.schmitz Fri, 05/03/2002 - 01:54
User Badges:

My problem occurs also without any encryption. I'm connected to the internet and send a ping to the outside interface of the PIX. First a thought it is a problem with the router from the ISP, but we have also a CISCO 1605 connected to the same ISP router and there the ping work realy fine until 1472 bytes the I get the message fragmentition needed.

If I'm connected via the VPN Client 3.51 and send a ping to inside, I get the same results, but additional on the PIX, if debug ipsec is on, a message like this: IPSEC(ipsec_cipher_handler): ERR: bad pkt>

I searched in the errordecoder from Cisco, but there are no results.

By the way, the pre-fragmentation is by default on and I didn't switch it off. It occurs not in IPSEC transfermode, which I'm using.

fbenny@esitechn... Wed, 08/04/2004 - 17:23
User Badges:

Hi Thomas,

I have the same problem that you described in this post. In my case it is between two PIX that have a site-to-site VNP between them.

And also, I my case the PING timed out at 993.

Do you have a work-around?



fzink Fri, 02/25/2005 - 02:37
User Badges:


I'am investiguated on the same issue. Did you get an answer? Do you have a workaround?




This Discussion