Citrix fails when going through a GRE tunnel

Unanswered Question
Apr 11th, 2006
User Badges:

Hi Sir,

A group of Citrix Clients connect to a Citrix Metaframe Server. The port numbers involved are Citrix Metaframe (TCP/UDP 1494) and MS Terminal Server (TCP/UDP 1604).

The network is configured such that the communication between the Citrix clients and server goes through a GRE tunnel. Traceroutes from client to server, and vice versa, confirm that it passes thru the GRE tunnel. There's no ACL, firewalls or NAT devices along the IP path, in both directions.

The issue is, all Citrix clients can ping to the server but some fail to log on to the server; some have no problem. Also, other applications, e.g. PCAnywhere, can go through. If the GRE tunnel is taken away, all Citrix clients can log on to the Citrix server.

What could be the problem? It seems like the GRE tunnel might cause the problem. Do I need to adjust the TCP MSS or IP MTU on the tunnel interfaces?

Please help.

Thank you.


Lim TS

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
sundar.palaniappan Tue, 04/11/2006 - 10:33
User Badges:
  • Green, 3000 points or more

Appears to be an MTU issue.

Configure 'ip tcp adjust-mss 1400' on anyone interface in the path traffic traverses through.

Pls. rate all helpful posts.



Bryan Wells Fri, 01/11/2013 - 09:39
User Badges:

Hi - I applied the fix above to the tunnel interfaces on both sides including the remote Vlan interface.  It fixed the above issue.  

Jeff Van Houten Sun, 01/13/2013 - 06:12
User Badges:
  • Silver, 250 points or more

If you are going to adjust the mss you also need to adjust the mtu for non-tcp packets on the tunnel. Put "ip mtu 1440" on the tunnel interface as well.

Sent from Cisco Technical Support iPad App


This Discussion