Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1814
Views
0
Helpful
4
Replies

ADSL Cisco 877 bridge mode and ASA5505

Sebastian Adolfo Yanez
Level 1
Level 1

‎10-23-2010 05:13 AM - edited ‎03-11-2019 11:59 AM

Good afternoon to everybody!

I have this scenario: Cisco877----------ASA5505---------LAN 192.168.2.0/24

I have configured my Cisco 877 in bridge mode. So my ASA5505 will have the public IP address on its outside ethernet interface.

Everything is working well.

But I have a question... Should I change the MTU for the outside ASAs ethernet interface? Now is set to MTU 1500.

For the "inside" is set to MTU 1500.

I have made a "show interfaces" at Cisco877:

Router#show interfaces
ATM0 is up, line protocol is up
  Hardware is MPC ATMSAR (with Alcatel ADSL Module)
  MTU 4470 bytes, sub MTU 4470, BW 734 Kbit/sec, DLY 500 usec,
     reliability 255/255, txload 22/255, rxload 77/255
  Encapsulation ATM, loopback not set
  Encapsulation(s): AAL5  AAL2, PVC mode
  10 maximum active VCs, 1024 VCs per VP, 1 current VCCs
  VC Auto Creation Disabled.
  VC idle disconnect time: 300 seconds
  Last input 00:00:00, output 00:00:00, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 362
  Queueing strategy: Per VC Queueing
  5 minute input rate 220000 bits/sec, 27 packets/sec
  5 minute output rate 64000 bits/sec, 28 packets/sec
     1669800 packets input, 1343751740 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 9 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     1636733 packets output, 603190202 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     0 unknown protocol drops
     0 output buffer failures, 0 output buffers swapped out
FastEthernet0 is up, line protocol is up
  Hardware is Fast Ethernet, address is

  MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input never, output never, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 63000 bits/sec, 28 packets/sec
  5 minute output rate 215000 bits/sec, 28 packets/sec
     1621255 packets input, 586565449 bytes, 0 no buffer
     Received 37 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 input packets with dribble condition detected
     1689219 packets output, 1328478895 bytes, 0 underruns
     0 output errors, 0 collisions, 2 interface resets
     0 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out
FastEthernet1 is up, line protocol is down
  Hardware is Fast Ethernet, address is

  MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Auto-duplex, Auto-speed
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input never, output never, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     0 packets input, 0 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 input packets with dribble condition detected
     0 packets output, 0 bytes, 0 underruns
     0 output errors, 0 collisions, 2 interface resets
     0 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out
FastEthernet2 is up, line protocol is down
  Hardware is Fast Ethernet, address is

  MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Auto-duplex, Auto-speed
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input never, output never, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     0 packets input, 0 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 input packets with dribble condition detected
     0 packets output, 0 bytes, 0 underruns
     0 output errors, 0 collisions, 2 interface resets
     0 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out
FastEthernet3 is up, line protocol is down
  Hardware is Fast Ethernet, address is

  MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Auto-duplex, Auto-speed
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input never, output never, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     0 packets input, 0 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 input packets with dribble condition detected
     0 packets output, 0 bytes, 0 underruns
     0 output errors, 0 collisions, 2 interface resets
     0 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out
Vlan1 is up, line protocol is up
  Hardware is EtherSVI, address is

  MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:00, output never, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 75000 bits/sec, 29 packets/sec
  5 minute output rate 199000 bits/sec, 28 packets/sec
     1621764 packets input, 580695069 bytes, 0 no buffer
     Received 1600 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     1689302 packets output, 1321560584 bytes, 0 underruns
     0 output errors, 1 interface resets
     0 unknown protocol drops
     0 output buffer failures, 0 output buffers swapped out
Router#

Labels:
0 Helpful
4 Replies 4

Jitendriya Athavale
Cisco Employee
Cisco Employee

‎10-23-2010 05:26 AM

hi ,

its my personal feeling, unless you are experiencing some issues and slow traffic, we should be ok with mtu of 1500 on the ASA

0 Helpful

Sebastian Adolfo Yanez
Level 1
Level 1
In response to Jitendriya Athavale

‎10-23-2010 05:43 AM

Hi,

For now it is doing well.

It is just that I have read a lot of stuff from people saying that changing this parameter it is posible to surf the web faster. Because of no defragmentation of packets.

Let´s see what happens.

Thanks!

Sebastián Yáñez

0 Helpful

apothula
Level 1
Level 1
In response to Sebastian Adolfo Yanez

‎10-23-2010 05:55 AM


Hi Sebastian,

It is true that using a a lower MTU does help in certain scenarios.

But an MTU of 1500 is is used in most cases unless we have a VPN or some other service that encapsulates the packet (adds headers to the packet) increasing the packet size.

Anyway, try with a lower MTU if you are intersted and let me know your experience

Cheers,


Nash.

0 Helpful

Jitendriya Athavale
Cisco Employee
Cisco Employee
In response to Sebastian Adolfo Yanez

‎10-23-2010 08:37 AM

it depends on a lot of diffrent factors

  • vpn - ipsec usually takes something like 50 odd bytes of extra header and so you might want to reduce mtu so that it is fragmented in the first try and ensure correct packet delivery and reoder instead of retransmission due to fragmentation on the way, this way it helps in improving speed
  • also sometimes there are servers on which the mtu is hard set to something like 1300 or 1200 and in those cases we usually play around with mtu

but having said that, i have not seen many playing around with mtu unless there is an issue

if you want you can change mtu to 1400 which should be safe for most applications

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card