cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Choose one of the topics below for SD-WAN Resources to help you on your journey with SD-WAN

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC!
We will not comment or assist with your TAC case in these forums.

215
Views
5
Helpful
1
Replies
Highlighted

Which recommendations for GRE tunnel overlay over SDWAN viptela system (ipsec underlay)?

Hi guys,

We have 1 SDWAN system as below diagram:

 

LAN1---Core 1 -------- cEdge1 ----transport sdwan----cEdge2-----Core2---LAN2

 

With:

- Cedge 1 have ipsec tunnel to cEdge2 by default of sdwan.

- Core 1 have gre tunnel with Core 2.

Actually, we tested: Gre tunnel of Core1-Core2 is up and we can ping between LAN1 and LAN2. But LAN1 can't access service of LAN2.

I checked in cEdge1 and cEdge2 with ipsec tunnel mtu 1441 and tcp-mss 1361 (automaticlly setup by sdwan system).

 

Any suggestions for this case?

 

Thanks all guys!

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted

Yesterday, I changed mtu and tcp mss in gre tunnel as below:

 

Interface tunnel (GRE)
ip mtu 1400
ip tcp adjust-mss 1360

 

And the service is ok now. 

View solution in original post

1 REPLY 1
Highlighted

Yesterday, I changed mtu and tcp mss in gre tunnel as below:

 

Interface tunnel (GRE)
ip mtu 1400
ip tcp adjust-mss 1360

 

And the service is ok now. 

View solution in original post