ā06-23-2020 06:41 AM - edited ā07-10-2020 02:00 PM
I'm currently in the works of configuring DMVPN on an ISDN network. I've used Cisco's DMVPN guide in order to help me create the DMVPN config. But I keep getting TCP timeouts on a device on the spoke side, this device is collecting data from a database on the hub's side. This DMVPN is also using ipsec to encrypt the packets going over the ISDN 30.
I've set the MTU for both the tunnel and dialer interfaces on both sides to 1440 (to accommodate for the tunnel and ipsec overhead), do I need to set the MTU of the actual serial interfaces as 1440? As this will cause problems for other routers that are calling into the hub router that are not using DMVPN since they won't have their MTU as 1440.
Another question I have is what MTU to actually set, as the dialer interfaces and the serial interfaces on both sides are using PPP as encapsulation, will I need to decrease the MTU by another 8 bytes in order to make sure no packets are getting fragmented?
I've included the configs for both the hub and spoke routers.
Any help will be greatly appreciated.
ā06-23-2020 06:52 AM
Hi,
I'd leave the Dialer interface MTU value as before.
Cisco best practice for DMVPN tunnel interface is MTU = 1400 and TCP MSS = 1360
Reference here, Cisco Live BRKSEC-3052
ā06-24-2020 04:11 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide