https://community.cisco.com/t5/network-security/fragmentation/m-p/1075290#M896460 <P>I have 2 networks connected through a VPN from a PIX 525 to a PIX 525 and traffic that is over 1200 MTU is not traversing the tunnel. I have tried to set the PIX interfaces to 1200 MTU and permitting pre-encryption fragmentation but to no avail any thoughts???</P> Mon, 11 Mar 2019 13:43:45 GMT bob.bartlett 2019-03-11T13:43:45Z https://community.cisco.com/t5/network-security/fragmentation/m-p/1075290#M896460 <P>I have 2 networks connected through a VPN from a PIX 525 to a PIX 525 and traffic that is over 1200 MTU is not traversing the tunnel. I have tried to set the PIX interfaces to 1200 MTU and permitting pre-encryption fragmentation but to no avail any thoughts???</P> Mon, 11 Mar 2019 13:43:45 GMT https://community.cisco.com/t5/network-security/fragmentation/m-p/1075290#M896460 bob.bartlett 2019-03-11T13:43:45Z https://community.cisco.com/t5/network-security/fragmentation/m-p/1075291#M896461 <HTML><HEAD></HEAD><BODY><P>Is it the mtu or the mss ?</P><P></P><P></P><P>Please try this on both pix ( if they are running 7.x or 8.x code ) :</P><P></P><P></P><P></P><P>access-list http-list2 permit ip any any</P><P>class-map http-map1</P><P>match access-list http-list2 </P><P>exit</P><P>tcp-map mss-map</P><P>exceed-mss allow</P><P>exit</P><P>policy-map global_policy</P><P>class http-map1</P><P>set connection advanced-options mss-map</P><P>exit</P><P>exit</P><P></P><P></P><P>Please rate if helps.</P><P></P><P></P><P>Regards,</P><P>Sushil</P></BODY></HTML> Fri, 12 Sep 2008 18:46:22 GMT https://community.cisco.com/t5/network-security/fragmentation/m-p/1075291#M896461 suschoud 2008-09-12T18:46:22Z