Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Test MTU Size Over IPSEC Tunnel

How can I test the MTU size going over a IPSEC tunnel from a ASA 5520 to a ASA 5510? I am having concerns that the issues with my equipment are due to insufficient MTU size.

Everyone's tags (2)
1 ACCEPTED SOLUTION

Accepted Solutions

Re: Test MTU Size Over IPSEC Tunnel

You can use extended ping to see the size of packet that you can send over the tunnel with DF bit

set do not fragment. for ex :-

if you have two windows machines , one on each side of the vpn with ip add 10.2.2.10 and 10.3.3.10.

ping from 10.2.2.10 using :-

ping 10.3.3.10

reply success

ping 10.3.3.10 -l 1500 -f  { where -l 1500 sets the MTU to 1500 and -f says do not fragment }

packet needs to be fragmentated but df set

packet needs to be fragmentated but df set

ping 10.3.3.10 -l 1300 -f

packets needs fragmentation but df set

ping 10.3.3.10 -l 1270 -f

reply success

reply success

thanks

manish

1 REPLY

Re: Test MTU Size Over IPSEC Tunnel

You can use extended ping to see the size of packet that you can send over the tunnel with DF bit

set do not fragment. for ex :-

if you have two windows machines , one on each side of the vpn with ip add 10.2.2.10 and 10.3.3.10.

ping from 10.2.2.10 using :-

ping 10.3.3.10

reply success

ping 10.3.3.10 -l 1500 -f  { where -l 1500 sets the MTU to 1500 and -f says do not fragment }

packet needs to be fragmentated but df set

packet needs to be fragmentated but df set

ping 10.3.3.10 -l 1300 -f

packets needs fragmentation but df set

ping 10.3.3.10 -l 1270 -f

reply success

reply success

thanks

manish

3122
Views
0
Helpful
1
Replies
CreatePlease login to create content