I am adding a new branch and connecting it by VPN to the central site. The central site is the hub site for VPN tunnels. The issue I am facing is that the new branch's Internet link has an MTU of 1452 (because of PPPoE), and the MTU of the outside interface in the branch is set to 1452.
Is there any way to keep the MTU at 1500 on the outside interface at the hub site and change the MTU for one peer only (the new branch)?
I am trying to avoid any changes at the central site that may affect other branches.
Would it help if I enabled PMTU? Currently, the PMTU configuration is as below:
crypto ipsec security-association pmtu-aging infinite
Below is a sample configuration:
crypto map Crypto-Map 50 match address <new branch subnets>
crypto map Crypto-Map 50 set peer <new branch public IP>
crypto map Crypto-Map 50 set ikev1 transform-set ESP-3DES-SHA
crypto map Crypto-Map interface outside
tunnel-group <new branch public IP> type ipsec-l2l
tunnel-group <new branch public IP> ipsec-attributes
 ikev1 pre-shared-key !Site2Site!