Hi

I have Cisco1801/K9 routers and we can monitor it only via PING, as when we monitor it via the SNMP it works for 30-45 minutes and then drop happens. From my management PC, I randomly get don’t fragment” message with both success and failure.

I initially thought that it’s a MTU issues, so from my mgmt. PC I run command “Ping 10.10.10.1 –f –l 1398” and found that ‘df’ message do not appear on MTU size 1398, so I have configured the router crypto vpn interface with IP MTU 1394, but still snmp packets are dropping.”

As this router is establishing site-to-site vpn, so I have configured it with “'crypto ipsec df-bit clear'” but again snmp packet drop.

IOS version of the devices is 'c180x-advipservicesk9-mz.150-1.M7.bin'. No problem on Management software as its managing 1000s' devices via snmp and only this device snmp packet drops frequently, although it can still be managed via PING without any issue.

Please advise that below workaround will work or not for SNMP traffic or advice another solution for SNMP packet drops issue.

ip access-list extended udp-df1
permit udp any any
route-map udp-df0 permit 10
match ip address udp-df1
set ip df 0
!
route-map udp-df0 deny 99

interface ingress0
ip policy route-map udp-df0
!