I have a LAN-to-LAN VPN tunnel issue. Basically this connection has been working fine up until last Sunday evening. Monday morning rolls around and the site is no longer able to send any packets larger than 538 bytes (payload).
None of my other sites beyond this one have any issues with the same config attached. The site is connected via an Ambit cable modem from Time Warner (business class service).
TW of course claims there is nothing wrong with the service. I have replaced the hardware at the site, and even reconfigured the original hardware to test the tunnel here via DSL and it works fine without issue.
So, ICMP works fine until you tell it to send something larger. Services such as RDP do not work at all.
It appears to be a fragmentation issue. Suggestions on where to start? DF bit is set to clear, MTU and MSS sizes have been adjusted. Config for device is attached.
In order to encrypt a packet, it would need to create a new packet with all of the header information, the IPsec hash, and the ESP or AH information. Normally this averages out to be 56 bytes of the 1500 total size, making the maximum MSS at least 1444. I think on TCP packets there is a packet header called Don't Fragment. When this attribute is set, the packet cannot be fragmented from its original size. So when a router, or some firewalls, see this set, the packet cannot be adjusted.
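
The overhead arithmetic discussed above, as an added example that is not part of the original posts: it computes the on-wire size of an ESP tunnel-mode packet, including cipher block padding, and the largest TCP MSS that fits a given path MTU without fragmentation. The transform set used on this tunnel is not shown on the page, so the AES-CBC/3DES-CBC and HMAC choices, IPv4 addressing, and the optional NAT-T encapsulation are assumptions; AH is not modelled.

```python
# Added example: ESP tunnel-mode sizing over IPv4 (assumed transforms, see lead-in).
IPV4_HDR = 20
TCP_HDR = 20
ESP_HDR = 8       # SPI (4 bytes) + sequence number (4 bytes)
ESP_TRAILER = 2   # pad length (1 byte) + next header (1 byte)
NAT_T_UDP = 8     # UDP header added when NAT traversal encapsulates ESP

CIPHERS = {"aes-cbc": (16, 16), "3des-cbc": (8, 8)}   # name: (IV bytes, block bytes)
INTEGRITY = {"hmac-sha1-96": 12, "hmac-md5-96": 12, "hmac-sha256-128": 16}  # ICV bytes


def fixed_overhead(cipher, integ, nat_t=False):
    """Bytes added to every packet regardless of its length (padding excluded)."""
    iv, _ = CIPHERS[cipher]
    return IPV4_HDR + ESP_HDR + iv + INTEGRITY[integ] + (NAT_T_UDP if nat_t else 0)


def esp_packet_size(inner_len, cipher, integ, nat_t=False):
    """On-wire size of the outer packet carrying an inner IP packet of inner_len bytes."""
    _, block = CIPHERS[cipher]
    # Inner packet plus ESP trailer is padded up to a whole number of cipher blocks.
    padded = -(-(inner_len + ESP_TRAILER) // block) * block
    return fixed_overhead(cipher, integ, nat_t) + padded


def max_inner_packet(path_mtu, cipher, integ, nat_t=False):
    """Largest inner IP packet whose encrypted form still fits in path_mtu."""
    _, block = CIPHERS[cipher]
    room = path_mtu - fixed_overhead(cipher, integ, nat_t)
    if room < block:
        raise ValueError("path MTU too small for this transform")
    return (room // block) * block - ESP_TRAILER


def tcp_mss(path_mtu, cipher, integ, nat_t=False):
    """MSS to clamp to so that full-size TCP segments never need fragmenting."""
    return max_inner_packet(path_mtu, cipher, integ, nat_t) - IPV4_HDR - TCP_HDR


if __name__ == "__main__":
    # Constructed inputs: a 1500-byte path MTU with each assumed transform set.
    for cipher, integ, nat_t in [("aes-cbc", "hmac-sha1-96", False),
                                 ("aes-cbc", "hmac-sha1-96", True),
                                 ("3des-cbc", "hmac-sha1-96", False)]:
        inner = max_inner_packet(1500, cipher, integ, nat_t)
        print(f"{cipher}/{integ} nat_t={nat_t}: "
              f"fixed={fixed_overhead(cipher, integ, nat_t)} "
              f"max inner={inner} wire={esp_packet_size(inner, cipher, integ, nat_t)} "
              f"mss={tcp_mss(1500, cipher, integ, nat_t)}")
```

With AES-CBC and HMAC-SHA1-96 the fixed part is 56 bytes, but block padding means the largest inner packet on a 1500-byte path is 1438 bytes, one byte more pushes the outer packet to 1512.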