Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
11224
Views
0
Helpful
3
Replies

ip tcp adjust-mss & mtu size

mulhollandm
Level 1
Level 1

‎01-30-2010 04:11 PM - edited ‎03-04-2019 07:21 AM

folks

i have a site to site vpn with possible mtu issues

i have configured the ip tcp adjust-mss 1300 command on both the lan side closest to the AD servers and on the interface facing the wan on my local router

the vpn doesn't start on the routers but on an attached hardware encryptor

there is another hardware encryptor on the remote site

i also have a route-map applied to the external/wan interface of my local router

route-map clear-DF permit 10
match ip address 150
set ip df 0

ACL 150 is  permit tcp any any

this has resolved lots of issues i was having with users trying to get authenticated internet access from the remote site across the vpn but i'm getting reports of problems adding new machines to the remote lan and with applying group policy

can someone advise

- should i set the mtu as well as configuring the ip tcp adjust-mss 1300 command

- are there any relevant config guides for a site to site vpn and using adjust-mss

i've attached a basic topology so hopefully it will help

thanks to anyone taking the time to read this or to reply

greatly appreciated

Labels:
60522-Remote LAN.jpg
Preview file
17 KB
0 Helpful
3 Replies 3

Reza Sharifi
Hall of Fame
Hall of Fame

‎01-30-2010 06:30 PM

Hi

Are you using  type-1 encryption devices?

Reza

0 Helpful

mulhollandm
Level 1
Level 1
In response to Reza Sharifi

‎01-31-2010 04:04 AM

reza

it is a type-1 box, tamper resistant etc

thanks

0 Helpful

milan.kulik
Level 10
Level 10

‎02-02-2010 05:21 AM

Hi,

this might help a little:

http://www.cisco.com/en/US/tech/tk827/tk369/technologies_white_paper09186a00800d6979.shtml

What are your current problems in details?

HTH,

Milan

0 Helpful
Customers Also Viewed These Support Documents
Top