05-15-2007 07:22 AM - edited 03-09-2019 05:59 PM
We are attempting to troubleshoot a VPN tunnel problem - symptom being that the receiver is seeing out of order packets (not unusual, I think) and missing packets. The receiver suspects a black hole router somewhere between our Concentrator and his network. Cisco says it sounds like a packet size issue and recommends setting the fragmentation option to "Fragment prior to IPsec encapsulation with Path MTU Discovery (ICMP)".
I am a novice at this and am wondering if it's better to set the fragmentation option as recommended or lower the MTU setting on the concentrator. It seems from what I've read at various sites that the PMTUD option depends on routers between me and the receiver properly handling that request.
I will add that the missing packet issue is intermittent. The same bundle of data may fail due to a missing packet and then turn around and immediately work when the receiver re-requests the same data.
05-21-2007 10:42 AM
Refer to this white paper, it may help you:
http://www.cisco.com/en/US/tech/tk827/tk369/technologies_white_paper09186a00800d6979.shtml
05-22-2007 11:57 AM
Thanks!
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: