Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Active Directory MTU Serting through tunnel

2600 connecting to another 2600 via isakmp tunnel.

At various times, AD freezes, long logins to exchange, etc.

Through all this ping times are great. Applications working 95% of the time.

I have heard that changeing the MTU on the server can make a huge improvement

Wondered if anyone is familer with that and a suggested MTU

Thanks in Advance

New Member

Re: Active Directory MTU Serting through tunnel

Is this a back to back setup ? If yes, how are they connected (via ethernet or serial) ? there are issues with MTU and IPSec. if you think MTU is causing the problem, check if there are packets getting fragmented on the initiator side.

If this is not a back to back setup and mtu is giving nightmares then you need to run Path MTU discovery which will find out the maximum mtu allowed in the entire tunnel path priorhand.

New Member

Re: Active Directory MTU Serting through tunnel

Basically the remote site is a 2600 with a dsl card to the INternet.

The main site is a 2600 with a t1 to the Internet, 4 tunnels connect here

In the remote site I have a 2000 server with about 10 dumb terminals and 10 pc's

In the main site has the primary servers, Exchange etc.

Spuratically but everyday, I have issues with Outlook loosing connectivity to exchange, active directory running slow, etc. That being said, I have Telnet applications running all day without issue as well as great ping times.

I have heard the Path discovery feature on 2000 does not work well with Cisco Routers and IPSEC, especially when PPOE is in use.

So my question, should the MTU be manually altered on the server, and if so, on which side, remote or main. Also what is a safe number without affecting other applications.

I know this is probably more of a server question, but..........

CreatePlease login to create content