Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

MTU on VPN Tunnel

One of our branches just switched ISP's and now is experiencing problems with our VPN staying up.

We are running router-to-router VPN's via 2611's and the tunnel will stay up until we start passing more traffic through it. It works fine for about 5 minutes and than it becomes unpingable. The outside public IP stays pingable.

Could this be an MTU problem on the new ISP's network? Any suggestions how to troubleshoot this or where to begin?

Tony

1 REPLY
New Member

Re: MTU on VPN Tunnel

Tony,

Doesn't look like the mtu issues I've seen. I never had a problem bringing up a tunnel and usually had trouble with applications like exchange, acs, web browsing.

Try this:

ping x.x.x.x -L 1450 -F

You should see an error message stating that the packet is too large and needs to be fragmented but DF-bit is set. Try lowering the packet size in the pings until you find the level that the ping will work. Then try entering the following command in your PIX:

sysopt connection tcpmss 1300

Replace the 1300 with the level of packet size that you were able to get a reply through the tunnel from. You may also want to try lowering the MTU down to that level on the PC and server at both ends of the tunnel.

290
Views
0
Helpful
1
Replies
CreatePlease login to create content