Solved: Re: FPR1010 FTD LAN Connections only access internet when MTU manually

TheGoob · ‎04-04-2022

Hello

I had a very similar post but without the knowledge of it being an MTU issue so I wanted to post something more specific.

My FPR is set for PPPoE w/ a WAN MTU 1492 as instructed, and have always done for PPPoE. My FPR software is 7.1.0 and my FPR configuration is very standard and default, just to get internet working.

As I say, my WAN PPPoE MTU is 1492 and my 2-7 LAN ports are set default 1500 MTU and no host devices can surf the web. I dropped the LAN MTU's on FPR to 1492 with no results. I drop LAN MTU to 1472 and same results, BUT if I leave FPR LAN at 1500 and set the host devices to 1472, everything works buttery smooth.

I am clearly missing something OR my FPR is malfunctioning when I set the LAN ports to the 1472. Or it is something else... But I am at a loss.

On one side I am more than happy to manually set each and every device to 1472 but I feel this is not acceptable and also many devices you can not change MTU.

I am hoping that I am missing something but it seems I can only get Internet access with 1492 WAN NTU and then leaving the FPT LAN ports at 1500 and setting each device to 1472 can I only surf.

TheGoob · ‎04-04-2022

Found it, fixed it, got it good.

https://quickview.cloudapps.cisco.com/quickview/bug/CSCvu71743

View solution in original post

balaji.bandi · ‎04-04-2022

You need to change the MTU where ISP connected Port outside,

There is no need to change MTU on inside interface.

First setup FTD with correct MTU, make sure you able to ping 8.8.8.8 using outside interface before you doing anything on inside LAN

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

TheGoob · ‎04-04-2022

I am confused by this.

Are you suggesting I change the WAN/Outside? By default it was 1500 MTU and nothing worked at all. After looking over my other ASA Configuration and Documentation on PPPoE I had changed it to 1492 as I had it on other devices. So the WAN/Outside is indeed 1492.

Are you suggesting I change that again?

Originally OUTSIDE and INSIDE were 1500 MTU. I know 1492 is required for PPPoE so that was changed. But now my LAN will only work with 1472!

I guess I am misunderstanding your direction.

balaji.bandi · ‎04-04-2022

ISP--MTU-change--Outside--FTD--Inside(no MTU change required here)--Lan

You rquired to change where your ISP pppoe connected, Not Lan side.

if that is the not the case, we need to know more information, and config

what switch (post the config ?)

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

TheGoob · ‎04-04-2022

Well I do not have any config I can post now. But can do so when I get home

But to clarify, FPR1010 GE 1/1 (OUTSIDE) is set for PPPoE @ 1492 MTU (1500 wont work as several documents call for 1492). By default GE 1/2-1/7 (inside) are MTU 1500. No device I connect to GE 1/2-7 will access the Internet unless I change HOST MTU to 1472. So I tried to change GE 1/2-7 (inside) MTU to 1472 but oddly no HOST will connect. I can only access Internet on (inside) if FPR GE 1/2-7 is set back to 1500 but HOST changed to 1472.

balaji.bandi · ‎04-04-2022

I am afraid with out seeing config, i can not comment any more here. (my suggestion based on many devices setup)

Generally Lan side we do not change MTU (but may be your case different never seen my cases). until there is requirement.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

TheGoob · ‎04-04-2022

I completely understand and I will get some hard data for you to look at.

I was just hoping that in understanding what "should be" versus what I have to do to get it to work if there was a reverse method in figuring out why.