cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
450
Views
0
Helpful
2
Replies

MTU and MSS values for Router when also terminating IPSEC

mikedelafield
Level 1
Level 1

Hi guys.

I wasn't sure to post this in the VPN or the WAN category - so apologies if this appears incorrect.

But essentially I would like to know the recommended MTU and MSS settings, in normal conditions when terminating a VPN on a Cisco Router.

If we take an example of an 877 using ADSL/PPPoA to rule out any additional PPPoE overheads and assume the MTU to be 1500 bytes.

AES256/SHA1 = 73 bytes 

IP header = 20 bytes

TCP header = 20 bytes

Remainder = 1387 bytes

With this is mind should we set the MSS to 1387 and MTU 1427? (to be rounded)

Or set MSS to 1384, but leave the MTU as default 1500?

Or is this logic completely incorrect?

In the example above the VPN is terminating on the same device as the ADSL dialer - as opposed to other examples which may have the VPN termination on an alternate device further downstream, which I realise adds other questions.

Can someone please advise?

Many thanks.

Mike

2 Replies 2

Mike,

is the a GRE or an IPSec VPN ? Check the document below, it gives solutions for different scenarios...

http://www.cisco.com/c/en/us/support/docs/ip/generic-routing-encapsulation-gre/25885-pmtud-ipfrag.html

It's an IPSEC VPN....

Thanks.

Mike

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco