12-30-2002 04:32 AM - edited 02-21-2020 12:15 PM
As I read, PMTUD only works with TCP (especially TCP SYN) packets, but IPSEC uses UDP 500 and IP protocols 50 and 51.
What is the procedure by which PMTUD works on the IPSEC tunnel?
12-30-2002 05:32 AM
It is true PMTUD is for TCP packets but also for some tunnel protocols such as IPSec, GRE etc. PMTUD is defined in RFC 1191.
It is important to remember what PMTUD is for: its purpose is to measure the smallest MTU on the path, and the originator will then send smaller datagrams. PMTUD is a very important way of avoiding fragmentation and, as we all know, fragmentation can be the cause of increased packet loss rate and increased CPU.
Now to answer: how do IPSec and PMTUD work together?
IPSec encapsulation will copy the DF bit to the external header, then IPSec will keep track of the path MTU of the tunnel.
Some further information is available on CCO, but here is one good reference:
http://www.cisco.com/warp/public/105/pmtud_ipfrag.html
R/Catherine
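The behaviour described in the reply above (DF bit copied to the outer header, path MTU tracked for the tunnel), as an added simulation that is not part of the original post or Cisco code. The class names, the fixed 56-byte ESP overhead and the link MTUs are assumptions chosen for illustration; the ICMP type 3 code 4 message is the RFC 1191 mechanism.

```python
# Constructed simulation (no real packet I/O) of PMTUD across an IPsec tunnel.
ESP_OVERHEAD = 56  # assumed tunnel-mode ESP overhead in bytes; varies by transform


class Router:
    """Transit router between the two tunnel endpoints."""
    def __init__(self, link_mtu):
        self.link_mtu = link_mtu

    def forward(self, size, df):
        # RFC 1191: too big and DF set -> drop, return ICMP type 3 code 4
        # carrying the next-hop MTU. Without DF the router would fragment.
        if df and size > self.link_mtu:
            return ("icmp-3/4", self.link_mtu)
        return None


class IPsecGateway:
    """Encapsulating gateway that keeps a path MTU per SA."""
    def __init__(self, egress_mtu, path):
        self.sa_path_mtu = egress_mtu
        self.path = path

    def tunnel_mtu(self):
        return self.sa_path_mtu - ESP_OVERHEAD

    def send(self, inner_size, df):
        if df and inner_size > self.tunnel_mtu():
            return ("icmp-3/4", self.tunnel_mtu())   # told to the original host
        outer = inner_size + ESP_OVERHEAD
        for router in self.path:
            err = router.forward(outer, df)          # DF copied to outer header
            if err:
                # The ICMP error is addressed to the outer source (the gateway),
                # which records it on the SA; the host only sees a lost packet.
                self.sa_path_mtu = err[1]
                return ("lost", None)
        return ("delivered", None)


def discover(gateway, start_size=1500, max_tries=10):
    """Host side: send DF packets, shrink on ICMP 3/4, retransmit on loss."""
    size, log = start_size, []
    for _ in range(max_tries):
        status, mtu = gateway.send(size, df=True)
        log.append((size, status))
        if status == "delivered":
            return size, log
        if status == "icmp-3/4":
            size = mtu
    raise RuntimeError("path MTU not discovered; ICMP 3/4 may be filtered")
```

With a 1400-byte link inside the tunnel path, `discover(IPsecGateway(1500, [Router(1500), Router(1400)]))` steps the host from 1500 to 1444 to 1344 bytes, with one silently lost packet in between while the gateway learns the smaller MTU.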
12-30-2002 07:53 AM
Can you explain what is used, other than the TCP SYN packets, to adjust the MTU size in IPSEC?
Do you have any information that PIX has got this PMTUD feature?
Thanks in advance