09-09-2008 07:43 AM - edited 02-21-2020 03:55 PM
Hi,
we run a software package over a lan2lan vpn. if we run this package over a cisco vpn lan2lan it does not work but if we break out locally over the internet instead of over the lan2lan it does work.
has anyone had issues with mtu sizes over a vpn tunnel (lan2lan not remote access).
09-09-2008 12:41 PM
Yes it is possible there is fragmentation issue over the tunnel if you can ping between the hosts over vpn tunnel without any problems.
You may have to adjust TCP MSS value on vpn end devices .
Try to adjust TCP MSS value on PIX if your vpn end device is PIX .
sysopt connection tcp-mss MSS_size_in_bytes
example : sysopt connection tcp-mss 1360
You can also find the exact size for your connection using extended ping utility from your workstation as explained in following link .
For PIX and router( as vpn end devices) use following link
For ASA
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00804c8b9f.shtml
HTH
Saju
Pls rate if it helps
09-09-2008 12:50 PM
hey.
we are using cisco 2800 at one head with ethernet broadband (mtu 1500) and the other end is a 1841 with adsl card (mtu is i think 1400 or 13xx not sure). anyway the mtu is not the same on both routers but have the correct mtu tcp adjuss mss in each.
would this make a big difference if the mtu is different on either end of the link?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide