Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

Problem with my cisco 871-k9-advsecurity

Hello everybody

i'm actually configure a router cisco 871.

My objectives:

- access to internet

- Create a VPN Site to Site

for the internet connection all is ok

no more problem.

But i have a serios problem with my VPN. I created a VPN-Site-to-Site between this router and Netasq F200. VPN is working but when i want to ping form computer behing my cisco, all is ok i can ping which is my netasq address, i can ping server (

but if i want to make a 2048 bytes ping on the netasq i can but if i make

ping -l 2048 (the server) i can't i don't have any answer. But i used ethereal on server i see icmp incoming form my computer on the netasq i see the answer which come to the cisco but i don't have any answer on my computer. On ethereal i see that there are fragments i tryed to modify MSS (cause i can't modify MTU) but there were no effect.

Please i need to make ping with 2048 bytes it's for GPO (Windows) I attach config file. I hope u'll help me.

Hall of Fame Super Silver

Re: Problem with my cisco 871-k9-advsecurity

Hello Mathieu,

you can follow the guidelines of the document

I would suggest you to reduce the IP MTU with the command ip mtu 1380 under interface vlan1.

MSS applies only to TCP so it isn't effective for ICMP traffic.

hope to help


Community Member

Re: Problem with my cisco 871-k9-advsecurity

i already reduced mtu but no way

i cant make ping with 2048 byte on the distant router and it's working but not server behind this router

a little diagram :

IPSec tunnel


Server - - - - ROUTER - - - - - - ROUTER CISCO 871 NETASQ F200

and behind router i have another server :

if i ping (2048) from to it's ok

if i ping (2048) from to no answer

if i ping (normal) form to it's ok

if i ping (2048) from to no answer

it's same if i ping from to

i don't understand

CreatePlease to create content