Cisco Support Community
New Member

How the PMTUD works on an IPSEC tunnel?

As I read, PMTUD only works with TCP (especially TCP SYN) packets, but IPSEC uses UDP 500 and IP protocols 50 and 51.

What is the procedure by which PMTUD works on the IPSEC tunnel?

New Member

Re: How the PMTUD works on an IPSEC tunnel?

It is true PMTUD is for TCP packets but also for some tunnel protocols such as IPSec, GRE etc. PMTUD is defined in RFC 1191.

It is important to remember what PMTUD is for: its purpose is to measure the smallest MTU on the path, and the originator will then send smaller datagrams. PMTUD is a very important way of avoiding fragmentation and, as we all know, fragmentation can be the cause of increased packet loss rate and increased CPU.

Now to answer: how do IPSec and PMTUD work together?

IPSec encapsulation will copy the DF bit to the external header, then IPSec will keep track of the path MTU of the tunnel.

Some further information is all available on CCO, but here is one good reference:


New Member

Re: How the PMTUD works on an IPSEC tunnel?

Can you explain what is used, other than the TCP SYN packets, to adjust the MTU size in IPSEC?

Do you have any information that PIX has got this PMTUD feature?

Thanks in advance
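
An added example, not part of the thread and not Cisco code: a small model of the behaviour described in the reply above, where the gateway copies the DF bit to the outer header and tracks the tunnel path MTU from ICMP type 3 code 4 messages (RFC 1191). The class and function names, the 58-byte ESP overhead and the hop MTUs are assumptions made for the illustration.

```python
from dataclasses import dataclass

ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED = 3, 4   # type 3 / code 4, RFC 1191

@dataclass
class Packet:
    length: int          # total IP datagram length in bytes
    df: bool             # Don't Fragment bit
    src: str = "host"

@dataclass
class FragNeeded:        # ICMP "fragmentation needed and DF set"
    next_hop_mtu: int
    to: str

class TunnelGateway:
    def __init__(self, link_mtu=1500, overhead=58):
        # overhead is an assumed ESP tunnel-mode cost; the real figure
        # depends on the configured transform.
        self.path_mtu = link_mtu     # tunnel path MTU tracked by the gateway
        self.overhead = overhead

    def inner_mtu(self):
        return self.path_mtu - self.overhead

    def encapsulate(self, pkt):
        if pkt.length > self.inner_mtu() and pkt.df:
            # Too big once encapsulated: tell the original sender.
            return FragNeeded(self.inner_mtu(), to=pkt.src)
        # DF bit of the inner header is copied to the outer header.
        return Packet(pkt.length + self.overhead, pkt.df, src="gateway")

    def on_icmp(self, icmp_type, code, next_hop_mtu):
        if (icmp_type, code) == (ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED):
            self.path_mtu = min(self.path_mtu, next_hop_mtu)

def deliver(gw, pkt, hop_mtus):
    """Return the outer packet, a FragNeeded for the host, or None (dropped)."""
    outer = gw.encapsulate(pkt)
    if isinstance(outer, FragNeeded):
        return outer
    for mtu in hop_mtus:
        if outer.length > mtu:
            if outer.df:
                # The router's ICMP goes to the outer source (the gateway).
                gw.on_icmp(ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED, mtu)
                return None
            break                    # DF clear: the router fragments instead
    return outer
```

In this model the sending host never sees the router's ICMP directly: it first loses a packet, and only on the next oversized packet does the gateway report the reduced MTU to it.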