Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Problems sending large packets through IPSec tunnel

We currently have a IPSec tunnel between a pix 515 in our main office and a 2801 router at our branch office. The tunnel appears to be having fragmentation issues (problems sending large packets through our network), which is causing several of our programs not to work. We have set the MTU size on the outside interface of the PIX to 1400 bytes and we have set the TCP MTU path discovery on the 2801 router. Does the PIX 515 OS ver 6.3 utilize frag guard or some other feature that could be causing this problem?

New Member

Re: Problems sending large packets through IPSec tunnel


Use this command on existing router interface "crypto ipsec fragmentation before-encryption" and pix side "crypto ipsec fragmentation before-encryption outside". I hope this will hep for your problem and fragmentaion issue will not show you.

New Member

Re: Problems sending large packets through IPSec tunnel

have a look at this url - it will probably solve your problem:

I have had success in the past clearing the DF bit before in a situation when decreasing the MTU didn't work (due to the icmp path back to the server being blocked as described in the article).

CreatePlease to create content