Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Cisco 3015 Site - Site MTU issue - Server

We currently have a Site - Site connection to a law firm. They connect to our Peoplesoft server webpage. After a server upgrade they are intermittently connecting to the web page. After sniffing the connection I see the remote traffic connects fine but the reply back from the server is forcing the VPN3015 to issue ICMP Dest Unreachable (fragmentation) errors to the server. This is then followed by a bunch of TCP retries from the server. I suspect packet size is to big. So do I find a way to decrease the MTU size on the server ? If so what size ? Or find a way to set the fragmentation flag on the server ?

Or can I configure the 3015 to handle this ?

Thanks for your help

Cheers

Dave

1 REPLY
New Member

Re: Cisco 3015 Site - Site MTU issue - Server

the 3015 can handle this; just change mtu to 1300 and set the interface to

Fragment prior to IPSec encapsulation without Path MTU Discovery (Clear DF bit)

under Configuration | Interfaces | Ethernet 2

120
Views
0
Helpful
1
Replies