cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
92
Views
0
Helpful
2
Replies
Highlighted
Beginner

MTU and MSS values for Router when also terminating IPSEC

Hi guys.

I wasn't sure to post this in the VPN or the WAN category - so apologies if this appears incorrect.

But essentially I would like to know the recommended MTU and MSS settings, in normal conditions when terminating a VPN on a Cisco Router.

If we take an example of an 877 using ADSL/PPPoA to rule out any additional PPPoE overheads and assume the MTU to be 1500 bytes.

AES256/SHA1 = 73 bytes 

IP header = 20 bytes

TCP header = 20 bytes

Remainder = 1387 bytes

With this is mind should we set the MSS to 1387 and MTU 1427? (to be rounded)

Or set MSS to 1384, but leave the MTU as default 1500?

Or is this logic completely incorrect?

In the example above the VPN is terminating on the same device as the ADSL dialer - as opposed to other examples which may have the VPN termination on an alternate device further downstream, which I realise adds other questions.

Can someone please advise?

Many thanks.

Mike

2 REPLIES 2
VIP Mentor

Mike,

Mike,

is the a GRE or an IPSec VPN ? Check the document below, it gives solutions for different scenarios...

http://www.cisco.com/c/en/us/support/docs/ip/generic-routing-encapsulation-gre/25885-pmtud-ipfrag.html

Beginner

It's an IPSEC VPN....

It's an IPSEC VPN....

Thanks.

Mike

CreatePlease to create content
Content for Community-Ad
July's Community Spotlight Awards