cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1574
Views
0
Helpful
4
Replies

IP MTU on both IPsec /GRE VPN

pmpesha
Level 1
Level 1

Can you share the best practice to configure the ip mtu setting on such a vpn connection? Thank you.

4 Replies 4

ciscocow
Level 1
Level 1

For GRE: The ip mtu command needs to be put on the GRE tunnel and the physical interface.

For IPSEC: It would be the physical interface as you do not have a logical interface in which to place that command.

Also do not forget to add the "ip tcp adjust-mss" command, or you will have alot of headaches.

Hi,

I am using the IPSEC tunnel but enabled the IP mtu under tunnel. Is it a good practice to enable IP mtu under tunnel only. Also what exactly the "ip tcp adjust-mss" will do?

Please explain.

Thanks in advance.

Thank you ciscocow. I do have tihe ip mtu configured on my GRE tunnels, with the ip tcp adjust-mass. Mu Ipsec interfaces hare using the defalut value (1500), I do not have the ip tcp adjust-mass configured. When I do perform the test on my IPsec interfaces I do get an error about failing MTU size and Do not Fragment bit, any ideas?

i would be using IP MTU of about 1440. This will be low enough to fix any issues. Just make sure its on the physical outside interface and the GRE tunnel.

Here is a link to what tcp mss-adjust does.

http://www.cisco.com/en/US/tech/tk827/tk369/technologies_tech_note09186a0080093f1f.shtml

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: