Checksumming of packets disabled, fast tunneling enabled
Path MTU Discovery, ager 10 mins, MTU 0, expires never
Tunnel transmit bandwidth 8000 (kbps)
Tunnel receive bandwidth 8000 (kbps)
Last input 00:00:04, output 00:00:03, output hang never
Last clearing of "show interface" counters 1d03h
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 34416
Queueing strategy: fifo
I backed out of the changes once I saw a value of 0 and configured "ip mtu 1426" since my ping tests on each side with DF bit set returned a reply for packet size 1426 but received an "ICMP destination unreachable" message for packet size 1427. Ever since that change, customers at the remote site are complaining about slow access.
Why did the path MTU discovery failed even though the ICMP messages are not filtered? Also, why staically setting the MTU to 1426 create more problems than setting it to 1500?
The path MTU is 1426 due to the overhead from encapsulating the tunnel. The performance problem you are encountering is because your hosts are set for MTU=1500 which is larger than your tunnel MTU. This causes the router to fragment every packet. To resolve this you should change the MTU on your hosts to be equal or less than the MTU on your tunnel.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :