Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1170
Views
5
Helpful
1
Replies

Which recommendations for GRE tunnel overlay over SDWAN viptela system (ipsec underlay)?

Go to solution
boythanhdat_2012
Level 1
Level 1

‎09-29-2020 09:51 PM

Hi guys,

We have 1 SDWAN system as below diagram:

 

LAN1---Core 1 -------- cEdge1 ----transport sdwan----cEdge2-----Core2---LAN2

 

With:

- Cedge 1 have ipsec tunnel to cEdge2 by default of sdwan.

- Core 1 have gre tunnel with Core 2.

Actually, we tested: Gre tunnel of Core1-Core2 is up and we can ping between LAN1 and LAN2. But LAN1 can't access service of LAN2.

I checked in cEdge1 and cEdge2 with ipsec tunnel mtu 1441 and tcp-mss 1361 (automaticlly setup by sdwan system).

 

Any suggestions for this case?

 

Thanks all guys!

Labels:
1 Accepted Solution

Accepted Solutions

Go to solution
boythanhdat_2012
Level 1
Level 1

‎10-09-2020 05:56 AM

Yesterday, I changed mtu and tcp mss in gre tunnel as below:

 

Interface tunnel (GRE)
ip mtu 1400
ip tcp adjust-mss 1360

 

And the service is ok now. 

View solution in original post

0 Helpful
1 Reply 1

Go to solution
boythanhdat_2012
Level 1
Level 1

‎10-09-2020 05:56 AM

Yesterday, I changed mtu and tcp mss in gre tunnel as below:

 

Interface tunnel (GRE)
ip mtu 1400
ip tcp adjust-mss 1360

 

And the service is ok now. 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents