Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
628
Views
0
Helpful
2
Replies

Strange!!! Seems to be a MTU issue

netadmindetail
Level 1
Level 1

‎01-28-2008 06:44 AM - edited ‎03-09-2019 07:58 PM

Hi all

I have some problem to establish a TS session between 2 desktops. I have 2 C831 with IPSec VPN between them and everything work fine. But if I take 2 C871 with the same settings, the session is not establish properly.

Here's my interface settings:

831

LAN (e0) : ip tcp adjust-mss 1380

VPN (tu0) : ip mtu 1436

871

LAN (vl1) : ip tcp adjust-mss 1380

VPN (tu0) : ip mtu 1436

The only difference is the LAN interface. I tought that maybe a VLAN header increase the packet size but it's not.

The only workarounds that I found is :

Set the ip tcp adjust-mss to 1330

OR

Disable the hardware encryption,

Does anyone has already have that kind of issue ?

Thank you very much

Labels:
0 Helpful
2 Replies 2

ajagadee
Cisco Employee
Cisco Employee

‎01-28-2008 09:09 AM

Have you tried pinging different packet size with the IPSEC Tunnel up between the 831's.

Unless its a software or hardware caveat, I would not disable hardware encryption. Depending upon what you have configured on the 831, the 831 CPU may be overwhelmed with encrypting/decrypting packets. So, I would give the "ip tcp adjust-mss" command a shot.

Regards,

Arul

** Please rate all helpful posts **

0 Helpful

netadmindetail
Level 1
Level 1
In response to ajagadee

‎01-28-2008 12:00 PM

I try this on 831 and on 871, but I reach the same packet size

ping [IP address of the remote node] -f -l [packet size]

At 1346 I can ping, but at 1347 (packet must be fragmented) on both devices.

What's the difference between those routers ?

0 Helpful
Customers Also Viewed These Support Documents