11-25-2016 08:56 AM - edited 03-05-2019 07:33 AM
Hi guys.
I wasn't sure to post this in the VPN or the WAN category - so apologies if this appears incorrect.
But essentially I would like to know the recommended MTU and MSS settings, in normal conditions when terminating a VPN on a Cisco Router.
If we take an example of an 877 using ADSL/PPPoA to rule out any additional PPPoE overheads and assume the MTU to be 1500 bytes.
AES256/SHA1 = 73 bytes
IP header = 20 bytes
TCP header = 20 bytes
Remainder = 1387 bytes
With this is mind should we set the MSS to 1387 and MTU 1427? (to be rounded)
Or set MSS to 1384, but leave the MTU as default 1500?
Or is this logic completely incorrect?
In the example above the VPN is terminating on the same device as the ADSL dialer - as opposed to other examples which may have the VPN termination on an alternate device further downstream, which I realise adds other questions.
Can someone please advise?
Many thanks.
Mike
11-25-2016 11:14 AM
Mike,
is the a GRE or an IPSec VPN ? Check the document below, it gives solutions for different scenarios...
http://www.cisco.com/c/en/us/support/docs/ip/generic-routing-encapsulation-gre/25885-pmtud-ipfrag.html
11-28-2016 02:52 AM
It's an IPSEC VPN....
Thanks.
Mike
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide