Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

problem printing across an ipsec-secured link

The vsat link between locationA to LocationB have been secured using ipsec. I have a problem printing across an ipsec-secured link. Every other traffic flows correctly but when i try printing from locationA to LocationB, only the first line prints. the other lines fail to print. When i remove ipsec from the routers, the printing is successful. I would appreciate any suggestions. thanks

Hall of Fame Super Silver

Re: problem printing across an ipsec-secured link

I wonder if the problem is a max packet size issue. When applying IPSec the headers that are added to the packet increase the size of the packet. If the packet being sent from the end station is already max size (or close to it) the IPSec headers may make the packet too large. If the do not fragment bit is set (as it frequently is on TCP packets) it will cause the packet to be discarded.

A solution for this problem that I have used with success is to configure ip tcp adjust-mss on the LAN interface where end station traffic enters and leaves the router. You may need to experiment some to find the optimum size. In situations where I use IPSec with GRE I have found a value about 1375 to be optimum. You can experiment and see what is best in your situation.