Introduction:
This document describes an issue faced by a user.
What is MTU?
The MTU (maximum transmission unit) is the maximum size of a single data packet, measured in bytes. The MTU for Ethernet is 1500 bytes. Some networks have larger MTUs and some have smaller ones, but every physical technology has a fixed MTU value.
A list of some technologies with their MTU values is given below:
Network                 MTU (bytes)
----------------------------------------------------------------
16 Mbps Token Ring      17914
4 Mbps Token Ring       4464
FDDI                    4352
Ethernet                1500
IEEE 802.3/802.2        1492
Core issue
Packets arrive with the DF (Don't Fragment) bit set, and once they are encrypted they exceed the 1500-byte MTU limit.
Resolution
1. If you are running Cisco IOS Software Release 12.2(2)T or later, you can enter the crypto ipsec df-bit clear command.
2. If you are not able to enter the above command, add the following commands:
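! Match all IP traffic
access-list 190 permit ip any any
! Clear the DF bit on every packet matched by access-list 190
route-map cleardf permit 10
 match ip address 190
 set ip df 0
! Apply the route map to traffic arriving on the inside interface
interface inside_interface_name
 ip policy route-map cleardf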
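The size arithmetic behind the core issue, as an added example that is not part of the original document: it computes how large a packet becomes after IPsec ESP tunnel-mode encapsulation and what the DF bit then allows. The two cipher/integrity combinations and their byte counts are assumptions (the document does not name a transform set), and the outcome labels are a simplified model, not router output.

```python
# Added example: ESP tunnel-mode overhead versus a 1500-byte MTU.
OUTER_IP = 20     # new outer IPv4 header, no options
ESP_HDR = 8       # SPI (4 bytes) + sequence number (4 bytes)
ESP_TRAILER = 2   # pad-length byte + next-header byte

# Assumed transforms: name -> (IV bytes, cipher block bytes, ICV bytes)
TRANSFORMS = {
    "3des-cbc/hmac-sha1-96": (8, 8, 12),
    "aes-cbc/hmac-sha1-96": (16, 16, 12),
}

def esp_tunnel_size(inner_len, transform):
    """On-the-wire size of an inner IP packet after ESP tunnel encapsulation."""
    iv, block, icv = TRANSFORMS[transform]
    plaintext = inner_len + ESP_TRAILER
    padded = -(-plaintext // block) * block   # round up to the cipher block size
    return OUTER_IP + ESP_HDR + iv + padded + icv

def max_inner_size(mtu, transform):
    """Largest inner packet that still fits in one encrypted packet of size mtu."""
    iv, block, icv = TRANSFORMS[transform]
    room = mtu - OUTER_IP - ESP_HDR - iv - icv
    return (room // block) * block - ESP_TRAILER

def outcome(inner_len, df_set, transform, mtu=1500):
    """Simplified model: can the encrypted packet cross a link with this MTU?"""
    if esp_tunnel_size(inner_len, transform) <= mtu:
        return "fits"
    # Too large after encryption. A packet with DF set must not be fragmented;
    # with DF cleared, it can be split into fragments.
    return "blocked_by_df" if df_set else "fragmented"

if __name__ == "__main__":
    for name in TRANSFORMS:
        print(name,
              "| 1500-byte packet becomes", esp_tunnel_size(1500, name),
              "| largest inner packet that fits:", max_inner_size(1500, name))
        for df in (True, False):
            print("   DF set:" if df else "   DF clear:", outcome(1500, df, name))
```
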