Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
488
Views
0
Helpful
1
Replies

Site to site VPN MTU reco

Go to solution
Tod Larson
Level 3
Level 3

‎02-07-2012 03:16 PM

We are going to deploy a site to site VPN using two ASA5505. The network I'm going to traverse has a max MTU of 1320. I determined this by experimenting with pings of different sizes.

How should I configure MTU on my ASAs?

I'm thinking of using these two commands but I don't know if there are any implications to this...

ip mtu outside 1320

ip mtu inside 1280

Any comments are appreciated.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Eugene Khabarov
Level 7
Level 7

‎02-09-2012 12:04 AM

You don't need to change interfaces MTU itself. But be aware that you need allow ICMP traffic to make PMTUD mechanism works. So your correct mtu setting will be agreed over remote hosts that acts over VPN.

HTH. Please rate if it was helpful. Thank you.

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Eugene Khabarov
Level 7
Level 7

‎02-09-2012 12:04 AM

You don't need to change interfaces MTU itself. But be aware that you need allow ICMP traffic to make PMTUD mechanism works. So your correct mtu setting will be agreed over remote hosts that acts over VPN.

HTH. Please rate if it was helpful. Thank you.

0 Helpful
Customers Also Viewed These Support Documents