Im running a lab combined with production test where we have desktop device traffic travelling over a pix to pix ipsec tunnel, itself which is tunnelled over a pix to pix ipsec tunnel, transiting over a provided MPLS segment (the MPLS which i have no vision of). There are issues with packet MTU, with all the kit at default 1500 mtu, pings drop at 1375 bytes. Forcing a lower MTU of 800, and the pings start droping at 661 bytes. Needless to say the desktop applications have issues... Before I start to look at changing DF bits/TCP MSS, I am wondering if anyone has worked this scenario previously, and found a resolve ??
Thanks
Martyn