Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
569
Views
15
Helpful
3
Replies

Changing MTU to resolve an IPSEC tunnel that won't establish?

Go to solution
CiscoPurpleBelt
Level 6
Level 6

‎01-27-2021 03:57 PM

I know many times you must change the MTU to less than the default otherwise certain Aps, sites, etc. the traverse the tunnel have poor performance, but are there instances where MTU could play a part in just establishing Ikev1 tunnels between two routers? 

Don't have the debugs right (to verify where it is failing or what errors seen) here but all parameters are the same on both ends, keys, etc., IPSEC negotiation traffic makes it to both ends, wondering if MTU could play a part just on tunnel negotiations.

 

2 Accepted Solutions

Accepted Solutions

Go to solution
Deepak Kumar
VIP Alumni
VIP Alumni

‎01-27-2021 11:47 PM

Hi,

I have never seen that MTU could cause of negotiation issue. Yes, I faced slowness or some of the services not working issue due to MTU. I would like to check logs and configuration.

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!

View solution in original post

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to Deepak Kumar

‎01-28-2021 09:11 AM

I can not think of a circumstance where MTU would prevent ISAKMP negotiation. It really would be helpful to see the debug output.

HTH

Rick

View solution in original post

3 Replies 3

Go to solution
Deepak Kumar
VIP Alumni
VIP Alumni

‎01-27-2021 11:47 PM

Hi,

I have never seen that MTU could cause of negotiation issue. Yes, I faced slowness or some of the services not working issue due to MTU. I would like to check logs and configuration.

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to Deepak Kumar

‎01-28-2021 09:11 AM

I can not think of a circumstance where MTU would prevent ISAKMP negotiation. It really would be helpful to see the debug output.

HTH

Rick

Go to solution
CiscoPurpleBelt
Level 6
Level 6
In response to Richard Burts

‎02-02-2021 05:08 AM

Yes that is what I thought, had to make sure.

Too challenging to post on here, I can't even get to the remote site in any fashion LOL.

 

Thanks again!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card