Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
1210
Views
0
Helpful
0
Comments

In LAN-to-LAN VPN tunnel on router, packets exceeding 1500 maximum transmission units (MTU) are dropped

TCC_2
Level 10
Level 10

‎06-22-2009 03:35 PM - edited ‎08-23-2017 09:25 PM

 

Introduction:

This document describes an issue faced by an user.

 

What is MTU?

 

The MTU can be defined as the maximum size of a single data packet. "bytes" is used to measure it. MTU for Ethernet is 1500 bytes. Some networks have larger MTUs, and some have small. But all physical technologies have fixed MTU value.

 

A list of some technologies with their MTU Values is mentioned below:

 

      Network                          MTU (bytes)

   ----------------------------------------------------------------

   16 Mbps Token Ring                 17914

   4 Mbps Token Ring                    4464

   FDDI                                        4352

   Ethernet                                   1500

   IEEE 802.3/802.2                      1492

 

Core issue

 

Packets come in with the df bit set, and when they get encrypted, they exceed the 1500 MTU size limitation.

 

Resolution

  1. If you are running Cisco IOS  Software Release 12.2(2)T or later, you can enter the crypto ipsec df-bit clear command.

 

2.   If you are not able to enter the above command, then add the following commands:

 

      access-list 190 permit ip any any

 

      route-map cleardf permit 10

        match ip address 190 

        set ip df 0

 

      interface inside_interface_name

         policy route-map cleard

Labels:
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents