05-15-2007 07:22 AM - edited 03-09-2019 05:59 PM
We are attempting to troubleshoot a VPN tunnel problem - symptom being that the receiver is seeing out of order packets (not unusual, I think) and missing packets. The receiver suspects a black hole router somewhere between our Concentrator and his network. Cisco says it sounds like a packet size issue and recommends setting the fragmentation option to "Fragment prior to IPsec encapsulation with Path MTU Discovery (ICMP)".
I am a novice at this and am wondering if it's better to set the fragmentation option as recommended or lower the MTU setting on the concentrator. It seems from what I've read at various sites that the PMTUD option depends on routers between me and the receiver properly handling that request.
I will add that the missing packet issue is intermittent. The same bundle of data may fail due to a missing packet and then turn around and immediately work when the receiver re-requests the same data.
05-21-2007 10:42 AM
Refer to this white paper, it may help you:
http://www.cisco.com/en/US/tech/tk827/tk369/technologies_white_paper09186a00800d6979.shtml
05-22-2007 11:57 AM
Thanks!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide