Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
257
Views
0
Helpful
1
Replies

Cisco 3015 Site - Site MTU issue - Server

dclee
Level 1
Level 1

‎06-15-2006 06:37 AM

We currently have a Site - Site connection to a law firm. They connect to our Peoplesoft server webpage. After a server upgrade they are intermittently connecting to the web page. After sniffing the connection I see the remote traffic connects fine but the reply back from the server is forcing the VPN3015 to issue ICMP Dest Unreachable (fragmentation) errors to the server. This is then followed by a bunch of TCP retries from the server. I suspect packet size is to big. So do I find a way to decrease the MTU size on the server ? If so what size ? Or find a way to set the fragmentation flag on the server ?

Or can I configure the 3015 to handle this ?

Thanks for your help

Cheers

Dave

Labels:
0 Helpful
1 Reply 1

jbrunner007
Level 1
Level 1

‎06-16-2006 08:53 AM

the 3015 can handle this; just change mtu to 1300 and set the interface to

Fragment prior to IPSec encapsulation without Path MTU Discovery (Clear DF bit)

under Configuration | Interfaces | Ethernet 2

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents