06-23-2020 06:41 AM - edited 07-10-2020 02:00 PM
I'm currently in the works of configuring DMVPN on an ISDN network. I've used Cisco's DMVPN guide in order to help me create the DMVPN config. But I keep getting TCP timeouts on a device on the spoke side, this device is collecting data from a database on the hub's side. This DMVPN is also using ipsec to encrypt the packets going over the ISDN 30.
I've set the MTU for both the tunnel and dialer interfaces on both sides to 1440 (to accommodate for the tunnel and ipsec overhead), do I need to set the MTU of the actual serial interfaces as 1440? As this will cause problems for other routers that are calling into the hub router that are not using DMVPN since they won't have their MTU as 1440.
Another question I have is what MTU to actually set, as the dialer interfaces and the serial interfaces on both sides are using PPP as encapsulation, will I need to decrease the MTU by another 8 bytes in order to make sure no packets are getting fragmented?
I've included the configs for both the hub and spoke routers.
Any help will be greatly appreciated.
06-23-2020 06:52 AM
Hi,
I'd leave the Dialer interface MTU value as before.
Cisco best practice for DMVPN tunnel interface is MTU = 1400 and TCP MSS = 1360
Reference here, Cisco Live BRKSEC-3052
06-24-2020 04:11 AM
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: