Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

FPM policy breaking DMVPN

R1 --- R2 --- R3

There is a working dmvpn tunnel between R1 & R3 which breaks if I apply following FPM policy on R2:

interface E0/1

ip address x.x.y.y 255.255.255.0

service-policy type access-control input ICMP-DROP

<config>

load protocol flash:ip.phdf

load protocol flash:icmp.phdf

class-map type access-control match-any FRAG-IP

match field IP fragment-offset gt 0

policy-map type access-control IP-DROP

class FRAG-IP

drop

class-map type stack match-all IP-ICMP

match field IP protocol eq 0x1 next icmp

policy-map type access-control ICMP-DROP

class IP-ICMP

service-policy IP-DROP

</config>

No amount of consoling this dmvpn using any MTU or TCP adjust-mss variations seem to help.

273
Views
0
Helpful
0
Replies
CreatePlease to create content