Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
381
Views
0
Helpful
2
Replies

Possible MTU issue

Andrew.Prescott
Level 1
Level 1

‎09-25-2007 04:24 AM

I have a LWAPP tunnel running through a PIX to PIX VPN tunnel. Max frame sizes trying to get accross the LWAPP tunnel get dropped. How I force the PIXs to fragment?

Labels:
0 Helpful
2 Replies 2

didyap
Level 6
Level 6

‎10-01-2007 10:34 AM

You cannot force the PIX to fragment packets, however you can increase the mtu size on PIX using command "sysopt connection tcpmss".

0 Helpful

tor.neset
Level 1
Level 1
In response to didyap

‎05-14-2008 01:18 PM

I have the same problem with LWAPP packets that are fragmented gets dropped as long as they are inside the IPSec tunnel. The LWAPP is a UDP protocol packet.

How do we use the "sysopt connection tcpmss" to get the PIX to forward these fragments?

The fragements are set with the DF bit. 1.st Fragment is 1476 byte and this is less than the standard MTU on PIX IPsec tunnel but larger than MTU minus IPSec Overhead. I've tried to increase the MTU in PIX VPN tunell but no good result.

0 Helpful
Customers Also Viewed These Support Documents