Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Pix to Pix VPN MTU Problem

Hi specialists,

I get tcp checksum errors with one of 5 PIX506 peers. Debug tells: IPSEC(ipsec_prepare_encap_request): ERROR: unable to fragment packet pktsize=1420, eff_mtu = 1412. Any ideas which wheel to turn?

1 REPLY
Cisco Employee

Re: Pix to Pix VPN MTU Problem

We see this error occasionally, usually means the PIX has got itself in a knot.

To fix it (this usually works), re-type in the MTU commands in the PIX (there'll be one for each interface, don't change them, just re-type them in as you see them), do a "wr mem" and reload the PIX. When it comes up the errors should cease.

133
Views
0
Helpful
1
Replies
CreatePlease to create content