Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
2685
Views
0
Helpful
0
Comments

Unable to send large packets through the VPN tunnel on the router, but small packets can still pass through the VPN tunnel

TCC_2
Level 10
Level 10

on ‎06-22-2009 05:30 PM

Core issue

This issue occurs when an inappropriate Maximum Transmission Unit (MTU) size is configured on the router.

Resolution

This issue occurs because the IPsec VPN adds an overhead to the packet, which can cause it to surpass the valid MTU. The default Ethernet MTU is 1500.

Configure these commands on the LAN side of the router ( both the VPN end-point) :


If it continues to fail, try the crypto ipsec df-bit clear command on the Public (outside) interface on the routers.

Refer to the TCP MSS Adjustment Configuration Example section of TCP MSS Adjustment.

Refer to the DF Bit Setting Configuration Example section of DF Bit Override Functionality with IPSec Tunnels

Labels:
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents