Buy or Renew
Buy or Renew
NOTICE: The community will be in READ-ONLY Sept. 6 – 9 to add Umbrella release notes and announcements. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2821
Views
0
Helpful
2
Replies

L2TP VPN MTU Issues

christopher.wood
Level 1
Level 1

‎08-03-2011 05:37 AM - edited ‎03-01-2019 02:28 PM

Hi,

     Currently I have a wholesale connection to customer's through a 3rd party internet service provider. I use several vpdn-groups to the 3rd part company over an ATM connection.

Problem is we had a customer get onto to our wholesale DSL, and his L2TP VPN connection would not work, PPTP VPN connections work fine. After doing research I found that the MTU and ip tcp adjust-mss needed to be re-configured. I added ip mtu 1460 and ip tcp adjust-mss 1420 onto a virtual-template we use for each vpdn-group. After that the customer worked fine for a month, but suddenly his connection stopped working. After doing some ping tests we couldn't pass anything larger than 1432, which is too small. I played with the settings, but we'd lose connectivity to our other customers, so I ended up setting it back to what I had set it to before (ip mtu 1460 and ip tcp adjust-mss 1420) and suddenly I can pass 1452 size packets, and the customer's L2TP VPN conneciton is working again. It worked for another two weeks, and then it stopped working again.

The router I am using is a Cisco 7206VXR (NPE400) and the system image file is "disk0:c7200-js-mz.124-25e.bin".

Here is an example of our vpdn-groups:

vpdn-group 82

description XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

accept-dialin

  protocol l2tp

  virtual-template 1

terminate-from hostname XXXXXXXXX

local name XXXXXXXXXX

lcp renegotiation always

l2tp tunnel password 7 XXXXXXXXXXXXXXXXXXXXXXXXXX

...and the vritual-template looks like this:

interface Virtual-Template1

mtu 1460

ip unnumbered Loopback1

no ip redirects

no ip unreachables

no ip proxy-arp

ip tcp adjust-mss 1420

no snmp trap link-status

peer default ip address pool local1

keepalive 60

ppp authentication chap pap interface

Does anyone know if this is a Hardware problem, or a Software bug? Or is this some kind of negotiation issue with the MTU sizes?? Can anyone help me on this?

Thanks.

Christopher.

Labels:
0 Helpful
2 Replies 2

Christopher Stock
Level 5
Level 5

‎06-09-2016 07:31 PM

Hey Christopher,

Did you ever find a solution to this? I am having the same issue on a new setup.

Thanks

0 Helpful

christopher.wood
Level 1
Level 1
In response to Christopher Stock

‎06-10-2016 06:43 AM

This was a awhile ago... I did end up updating the image on the device, but I recall having an issues and so I reverted back. Then I attempted it again with a different version (couldn't tell you which one, I don't work for that company anymore) and if I recall it ended up fixing the issue. Never knew why it kept reverting back without actually changing the config, it was weird. Or at least that customer never complained again.. I think we checked on him a month or so later and he said he was still doing fine. It was awhile back now, I can't recall all the details.

0 Helpful
Customers Also Viewed These Support Documents