Cisco Support Community
Community Member

MTU on source host breaks connections to remote server

Hi guys, here's my issue:

2 different servers at the remote site. Both different applications running on them. (web/rdp + others)

Cisco router doing an IPsec p2p tunnel

Then here at the local side, if my MTU is set lower than 1300 I can connect to both remote hosts via HTTPS and RDP.

If my MTU is set to 1500, I cannot connect to either host via any application. I can still ping the hosts and I can still telnet on the open ports.

Not sure if it's related to the VPN; I have the Wireshark captures if it helps. A PC on the remote side can connect fine at any MTU size.

 

http://www.filedropper.com/mtuof1300

http://www.filedropper.com/mtuof1500

4 REPLIES
Cisco Employee

Hi Ryan,

If the transit path is doing fragmentation, then you would surely need to make sure you are using the optimum MTU to pass the traffic across VPN properly.
You can follow this document to find out the optimum MTU which will allow stable communication across VPN tunnel.

 

Regards,
Dinesh Moudgil

 

P.S. Please rate helpful posts.
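
Added example, not part of the original thread or of any Cisco document: one way to find the largest packet a path carries with DF set, by binary search over ping sizes, and the TCP MSS that fits it. It assumes Linux iputils `ping` (`-M do` sets DF); the function names are made up here and the simulated 1400-byte path is a constructed value.

```python
import subprocess
import sys

IP_ICMP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP echo header
IP_TCP_OVERHEAD = 40   # 20-byte IPv4 header + 20-byte TCP header, no options


def ping_df(host, payload):
    """Send one echo request with DF set (Linux iputils ping); True on a reply."""
    cmd = ["ping", "-M", "do", "-c", "1", "-W", "1", "-s", str(payload), host]
    return subprocess.run(cmd, capture_output=True).returncode == 0


def find_path_mtu(probe, low=548, high=1472):
    """Binary-search the largest ICMP payload that gets through with DF set.

    probe(payload) -> bool. Returns the path MTU in bytes (payload + 28), or
    None if even the smallest probe fails (host down or ICMP filtered).
    Assumes every size below the limit passes and every size above it fails.
    """
    if not probe(low):
        return None
    while low < high:
        mid = (low + high + 1) // 2  # round up so the loop always shrinks
        if probe(mid):
            low = mid
        else:
            high = mid - 1
    return low + IP_ICMP_OVERHEAD


def tcp_mss_for(path_mtu):
    """Largest TCP segment that fits in one unfragmented IPv4 packet."""
    return path_mtu - IP_TCP_OVERHEAD


def simulated_path(path_mtu):
    """Constructed stand-in for a path that silently drops oversized DF packets."""
    return lambda payload: payload + IP_ICMP_OVERHEAD <= path_mtu


if __name__ == "__main__":
    if len(sys.argv) > 1:
        probe = lambda size: ping_df(sys.argv[1], size)  # real host from argv
    else:
        probe = simulated_path(1400)  # constructed value, runs offline
    mtu = find_path_mtu(probe)
    print("path MTU:", mtu, "TCP MSS:", mtu and tcp_mss_for(mtu))
```

Run it from each end of the path in turn, since the result can differ by direction.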

Hi Ryan,


The default MTU value set on the ASA is 1500; it can allow a maximum of 1500 bytes per unit.

So it is advised to keep the lesser MTU on the transmission segments, but here we need to check the devices in that path; it shouldn't change the MTU value in between.

I do see in one capture that the MTU value from the server is 1312, where you set 1300.

I do see in another capture a maximum value of app data of 1286 bytes.

I believe the intermediate device is modifying the packet length and there it is getting dropped.

 

Regards

Karthik

Community Member

Do you know an explanation for this? I see it to most of my devices.

From my PC, with an MTU set to 1500, I can ping my default gateway with a max size of 1400 (with DF set).

From the default gateway pinging back to the PC, I can ping with a size of 1500 with DF set.

I am seeing this behaviour everywhere; it seems the direction of the ping, even on the same path, makes a big difference.

Community Member

Hi, I think the file host has died, so here are new links with captures:

 

http://kdn.co.nz/ftpaccess/mtuof1500.pcapng

http://kdn.co.nz/ftpaccess/mtuof1300.pcapng

 

I have done some MTU tracing; all interfaces are running at 1500. However, I do get some strange results with DF pings getting dropped well below 1300 at certain points. What could be the cause of this? I don't understand how a smaller MTU would work where a larger one fails. What sort of device might muck around with packet sizes?
