Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1026
Views
0
Helpful
2
Replies

DMVPN MTU Calculations

rgreville666
Level 1
Level 1

‎03-19-2014 11:22 AM - edited ‎02-21-2020 07:34 PM

Hi,

Please can someone help me understand why I am able to transmit a 1472 Byte packet without fragmentation across DMVPN Tunnel (IPSec protection mode)..

This is what I am expecting

  • IPSec Overhead (Transport mode saving 20 Bytes) 52Bytes
  • GRE Overhead 24Bytes
  • Total = 76 Bytes

The Tunnel runs over Ethernet (1500 Bytes) 1500 – 76 = 1424Bytes.. So how am I able to transmit 1472Bytes, I’ve checked the Links and can see the ESP encapsulation etc.. What have I got wrong?

Thanks

Grev 

Labels:
0 Helpful
2 Replies 2

Marcin Latosiewicz
Cisco Employee
Cisco Employee

‎03-20-2014 04:04 AM

You mean no fragmentation on the router, but what about reassembly on remote end.

How was this confirmed? How was it tested? What platforms? What versions? What configurations? There's lots of small bit that could add into it. :-)

 

At a glance it looks like DF bit was not copied over to IPsec header. Again, it's just a shot in the dark :-)

I would really suggest opening a TAC case for this, this description tickled something in my memory, but I can't put my finger on it.

0 Helpful

Marcin Latosiewicz
Cisco Employee
Cisco Employee
In response to Marcin Latosiewicz

‎03-20-2014 04:04 AM

Among others, this one rings a bell - CSCtq09372

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents