Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1686
Views
25
Helpful
8
Replies

Ping1500 size

CCIE Aspirant
Level 1
Level 1

‎05-08-2022 04:57 AM - edited ‎05-10-2022 04:13 AM

Hi all,

we have our remote office where we have cisco . The router is having IPsec tunnel to our main head office. All the traffic from the remote office is forwarded through the tunnel to head office router. 

Our Problem is that we can not ping google with size 1500 from the remote office the maximum size is 1000. 

 

 

 

Kindly needs solution for this matter.

 

 

8 Replies 8

Joseph W. Doherty
Hall of Fame
Hall of Fame

‎05-08-2022 10:25 AM

Issue sounds normal, in that tunnels decrease effective IP MTU due to tunnel overhead (especially IPSec).

Two "solutions" that come to mind.

First, if media supports jumbo Ethernet, than your (mGRE/IPSec) tunnel packets can support "classical" max size Ethernet MTU.

Second, have router "lie" to client.  I.e. have router reset DF bit and transmit fragmented packet.

 

CCIE Aspirant
Level 1
Level 1
In response to Joseph W. Doherty

‎05-09-2022 01:22 AM

thanks for the reply

 

Media at remote side is LTE sim.

 

****Second, have router "lie" to client.  I.e. have router reset DF bit and transmit fragmented packet****

can u please elaborate the above statement please.

 

 

0 Helpful

MHM Cisco World
VIP
VIP

‎05-08-2022 11:06 AM

ip mtu 1398 in head Office <- this effect the total all MTU

ip mtg 1365 in remote "include two IP header one GRE and other is IPSec if you config tunnel mode, here can you try transport mode instead and save 24 bytes".

Richard Burts
Hall of Fame
Hall of Fame
In response to MHM Cisco World

‎05-08-2022 02:42 PM

Issues with MTU are common when sending traffic over an IPSec tunnel. tcp adjust-mss is usually quite effective in this situation. But it is limited to tcp traffic. I would expect that web browsing and other tcp based applications should work pretty well. But it does not do anything for ping and other non-tcp traffic.

I see that you are setting ip mtu on the tunnel interfaces. Are you also doing that on the outbound interface that carries the tunnel traffic?

HTH

Rick

CCIE Aspirant
Level 1
Level 1
In response to Richard Burts

‎05-09-2022 01:16 AM - edited ‎05-10-2022 04:15 AM

Thanks for the reply 

from remote office we can have ping to our HQ router with 1500 size. But when we try to ping google dns, then we can not do more then 1000bytes. 

 

0 Helpful

CCIE Aspirant
Level 1
Level 1
In response to MHM Cisco World

‎05-09-2022 01:18 AM - edited ‎05-10-2022 04:15 AM

thanks for the reply

so what size should I pick at HO router so that we can might reach somewhere near to 1500 size ping ?

I have tried many values but can not get more then 1000 bytes response ping.

 

0 Helpful

MHM Cisco World
VIP
VIP
In response to CCIE Aspirant

‎05-10-2022 12:26 PM

Hi, 
what is router you use in remote site ?
can you ping HQ with 1360 ??

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card