09-16-2008 08:38 AM - edited 03-03-2019 11:34 PM
I am trying to connect from florida location to MO. trace route, ping and telnet 3389 works but RDP application not works.I did some work around and used the command ip tcp adjust-mss 1260 in my first tunnel and it fixed the issue. my question is how MTU is varying and will it have effect on Applications?
Thanks in advance
09-16-2008 09:28 AM
Hi,
Application data packets have their own header .IPsec adds its header to normal data packet and increases its size and if you are doing GRE over Ipsec then GRE header is also added.This increase the size of packet more than 1500 bytes . And since network devices have MTU set for 1500 bytes these devices will try to fragment the packet . And since the df bit on the packets is not set and the device cannot fragment it , it drops the packet.
You can find out the exact packet size that will traverse the tunnel without fragmentation by using ping "ping -l 1400 192.168.1.1 -f " . you can gradually decrease the length of packet and see when you start getting the response from destination host . Then once you know that length of packet , you can adjust TCP MSS value accordingly on the VPN head end device.
Check out the following link :
HTH
Saju
Pls rate helpful posts
09-16-2008 11:46 AM
Make sense.
Thanks for the reply
09-16-2008 12:38 PM
Correction
"And since the df bit on the packets is set and the device cannot fragment it , it drops the packet"
09-17-2008 05:52 AM
Saju,
Is there any other way we can solve this issue without using ip tcp adjust -mss.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: