03-24-2004 09:23 AM - edited 03-02-2019 02:31 PM
I read one Cisco doc that said to use this command on GRE - IPSEC tunnels. http://www.cisco.com/en/US/partner/tech/tk827/tk369/technologies_white_paper09186a00800d6979.shtml
Yet the Cisco doc on the command states, "The ip tcp adjust-mss command does not work on subinterfaces or GRE tunnels."
So does it work on Subinterfaces and GRE tunnels or not?
03-24-2004 11:12 AM
This might not be the difinitive answer you were looking for but I've used this on Tunnel interfaces before since we have a FW blocking ICMP between my client and server.
This article on GRE IP MTU also references using ip tcp-adjust mss command on a tunnel interface.
http://www.cisco.com/warp/public/105/56.html#pfragment
Too add to the confusion, I ran into an article in the past that mentioned you also needed to run NAT on the interface for tcp-adjust mss to work! Although I havn't found this to be the case.
03-24-2004 11:47 AM
ip tcp adjust-mss is indeed not supported on a GRE tunnel. In the GRE - IPSEC scenario though, the ip tcp adjust-mss is not to be applied to GRE tunnel interface but to the inbounds interfaces leading to this tunnel.
Hope this helps,
03-24-2004 01:23 PM
I use it on my GRE tunnels and it works well.
ip tcp adjust-mss 1400
I use it on each tunnel interface, that way I can tweak each one independent of the other
03-24-2004 03:23 PM
You are absolutly right. I just tried with 12.3(5) and it works like a charm.
Thanks,
03-26-2004 01:21 AM
And what about NAT. Does ip tcp adjust-mss work without NAT ?
Browsing the Internet over a PPPOE-DSL connection without adjusting mss is a really problem.
If I have a PPPOE-DSL connection with a public-routed adress-range and I do not use NAT,
or I use such a router only for a VPN-tunnel without NAT, does ip tcp adjust-mss work or doesn't it ?
Is there another way to adjust the mss (maybe with PBR) ?
regards
Christian
03-31-2004 09:14 AM
Yes it does.
On the dialer int try ip tcp adjust-mss 1452
On the tunnenl try ip tcp adjust-mss 1380
That's what I use on my 1751 that use PPPOE connections
I attached a cisco doc on the matter.
Here is the formula I derived from the doc
MTU 1500 - the parts the apply for your setup = adjust-mss
ip header(20)
tcp header(20)
gre (24)
pppoe (8)
ipsec transport (38)
ipsec tunnel (56)
04-01-2004 05:12 AM
Is there a way to set the tcp MSS only for some specific traffic ? e.g. traffic that match an access-list ?
04-01-2004 10:28 AM
This would be only interface specific. I don't think there would be any benefit of adjusting the MSS on just an HTTP packet for example or based on specific destination.
The MTU of a link is the MTU, regardless of the type of traffic.
I think if you knew that traffic crossing that interface was going to encounter a smaller segment down it's path, the best place to modify it would be on the router closest to the source (smaller MTU interface). Otherwise it would put the responsibiliy on you (your router) to either guess or know what MTU's you might encounter down the path to the destination...and that could get messy.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide