https://community.cisco.com/t5/network-security/trying-to-find-the-highest-possible-mtu/m-p/46347#M1063006 <P>Hello,</P><P></P><P>I try to find out, wich is the highest possible MTU. So I send a PING -L XXXX -F to the Pix outside, from outside. XXXX is standing for the bytes.</P><P></P><P>PING xxx.xxx.xxx.xxx -L 992 (and lower) -F</P><P>I got a reply</P><P></P><P>PING xxx.xxx.xxx.xxx -L 993 (up to1472) -F</P><P>the ping timed out</P><P></P><P>PING xxx.xxx.xxx.xxx -L 1473 (and higher) -F</P><P>Fragmentation is needed</P><P></P><P>I don't understand, why it timed out between 993 an 1472.</P><P></P><P>If i try the same to a router (same internet connection), the ping works up to 1472, with no time out. Upeer 1472 I get the fragmentation message.</P><P></P><P>Have enyone an answer?</P><P></P><P>Thomas</P> Fri, 21 Feb 2020 06:02:28 GMT thomas.schmitz 2020-02-21T06:02:28Z https://community.cisco.com/t5/network-security/trying-to-find-the-highest-possible-mtu/m-p/46347#M1063006 <P>Hello,</P><P></P><P>I try to find out, wich is the highest possible MTU. So I send a PING -L XXXX -F to the Pix outside, from outside. XXXX is standing for the bytes.</P><P></P><P>PING xxx.xxx.xxx.xxx -L 992 (and lower) -F</P><P>I got a reply</P><P></P><P>PING xxx.xxx.xxx.xxx -L 993 (up to1472) -F</P><P>the ping timed out</P><P></P><P>PING xxx.xxx.xxx.xxx -L 1473 (and higher) -F</P><P>Fragmentation is needed</P><P></P><P>I don't understand, why it timed out between 993 an 1472.</P><P></P><P>If i try the same to a router (same internet connection), the ping works up to 1472, with no time out. Upeer 1472 I get the fragmentation message.</P><P></P><P>Have enyone an answer?</P><P></P><P>Thomas</P> Fri, 21 Feb 2020 06:02:28 GMT https://community.cisco.com/t5/network-security/trying-to-find-the-highest-possible-mtu/m-p/46347#M1063006 thomas.schmitz 2020-02-21T06:02:28Z https://community.cisco.com/t5/network-security/trying-to-find-the-highest-possible-mtu/m-p/46348#M1063008 <HTML><HEAD></HEAD><BODY><P>You might consider pre-fragmentation before the packet enters the tunnel. See <A class="jive-link-custom" href="http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121limit/121e/121e11/lokahead.htm" target="_blank">http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121limit/121e/121e11/lokahead.htm</A> for details. I hope this helps. </P></BODY></HTML> Thu, 02 May 2002 19:45:29 GMT https://community.cisco.com/t5/network-security/trying-to-find-the-highest-possible-mtu/m-p/46348#M1063008 ssoberlik 2002-05-02T19:45:29Z https://community.cisco.com/t5/network-security/trying-to-find-the-highest-possible-mtu/m-p/46349#M1063010 <HTML><HEAD></HEAD><BODY><P>My problem occurs also without any encryption. I'm connected to the internet and send a ping to the outside interface of the PIX. First a thought it is a problem with the router from the ISP, but we have also a CISCO 1605 connected to the same ISP router and there the ping work realy fine until 1472 bytes the I get the message fragmentition needed.</P><P>If I'm connected via the VPN Client 3.51 and send a ping to inside, I get the same results, but additional on the PIX, if debug ipsec is on, a message like this: IPSEC(ipsec_cipher_handler): ERR: bad pkt 10.1.80.3-&gt;10.1.1.1</P><P>I searched in the errordecoder from Cisco, but there are no results.</P><P></P><P>By the way, the pre-fragmentation is by default on and I didn't switch it off. It occurs not in IPSEC transfermode, which I'm using.</P></BODY></HTML> Fri, 03 May 2002 08:54:02 GMT https://community.cisco.com/t5/network-security/trying-to-find-the-highest-possible-mtu/m-p/46349#M1063010 thomas.schmitz 2002-05-03T08:54:02Z https://community.cisco.com/t5/network-security/trying-to-find-the-highest-possible-mtu/m-p/46350#M1063012 <HTML><HEAD></HEAD><BODY><P>Hi Thomas,</P><P></P><P>I have the same problem that you described in this post. In my case it is between two PIX that have a site-to-site VNP between them.</P><P></P><P>And also, I my case the PING timed out at 993.</P><P></P><P>Do you have a work-around?</P><P></P><P>Thanks </P><P></P><P>Frank</P><P></P><P></P><P></P><P></P><P></P></BODY></HTML> Thu, 05 Aug 2004 00:23:09 GMT https://community.cisco.com/t5/network-security/trying-to-find-the-highest-possible-mtu/m-p/46350#M1063012 fbenny 2004-08-05T00:23:09Z https://community.cisco.com/t5/network-security/trying-to-find-the-highest-possible-mtu/m-p/46351#M1063013 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>I'am investiguated on the same issue. Did you get an answer? Do you have a workaround?</P><P></P><P>Regards,</P><P></P><P>Frédéric</P></BODY></HTML> Fri, 25 Feb 2005 10:37:47 GMT https://community.cisco.com/t5/network-security/trying-to-find-the-highest-possible-mtu/m-p/46351#M1063013 fzink 2005-02-25T10:37:47Z