When adding IPsec encapsulation, or GRE and IPSec encapsulation (our scenario, not yours), you sometimes run into fragmentation issues due to the Path MTU. In these circumstances, you would "decrease" the IP MTU on the appropriate interface to make room for the additional headers (GRE, IPSec).
e.g.: We use "ip mtu 1400" on our GRE tunnel interfaces to avoid fragmentation issues.
Reducing the IP MTU on the interface to an appropriate level means that you don't encounter fragmentation issues during the GRE or IPSec encapsulation processes (during Path MTU Discovery).
You should make sure that Path MTU discovery is enabled on your devices. This command may not show up in your configuration if it is the default:
ip tcp path-mtu-discovery
The "default" IP MTU on your interfaces is not likely to be set too small.
I think you will need to identify another cause. You probably want to use a sniffer to see what is happening on the wire.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...