06-25-2013 08:25 AM - edited 03-04-2019 08:18 PM
Hi All,
When doing a trace from a Unix box to a VPN connected site the packets don't seem to send from my Cisco VPN router until the MTU is at 1006. Does this seem a bit low? Do I have a config issue somewhere?
7 172.27.x.x (172.27.x.x 47 ms) - My VPN ROUTER
fragmentation required, trying new MTU = 1492
7 * 49 ms
fragmentation required, trying new MTU = 1480
7 * 49 ms
fragmentation required, trying new MTU = 1472
7 * 49 ms
fragmentation required, trying new MTU = 1006
7 172.27.y.y (172.27.y.y) 197 ms 170 ms 189 ms _ Destination - eventually.
06-25-2013 08:52 AM
This seem a bit too low. Try pinging intermediate locations with DF bit set, to determine if MTU is being cut down on the path somewhere.
06-25-2013 09:13 AM
I done a ping using the following to the same address and can get a reply when using MTU 1400 Does this suggest that the router just dropped all the way down to 1006 in my previous example without trying higher MTU.
Looking at my initial post, and the output below, does it look like there is actually an issue? I'm not sure why/where the 1006 MTU came from, it 1400 is working below.
C:\ping 172.27.67.5 -f -l 1400
Pinging 172.27.67.5 with 1400 bytes of data:
Reply from 172.27.67.5: bytes=1400 time=178ms TTL=243
Reply from 172.27.67.5: bytes=1400 time=170ms TTL=243
Reply from 172.27.67.5: bytes=1400 time=203ms TTL=243
Reply from 172.27.67.5: bytes=1400 time=193ms TTL=243
Ping statistics for 172.27.67.5:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 170ms, Maximum = 203ms, Average = 186ms
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide