"IPSec can make fragmentation problems worse, because it lengthens each IP packet by one, or possibly two, IP headers. These added headers vary in length by choice of IPSec protocols (and whether IntraPort's "NAT transparency" is also in use), but empirically they do not exceed 80 bytes per packet"