Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
485
Views
0
Helpful
1
Replies

MTU on VPN 3030 Public interface

tech
Level 1
Level 1

‎08-04-2005 05:29 PM

I have a few instances with the Cisco VPN client when the MTU has to be lowered. I have had users ping with the -f and -l option to determine the largest packet size that can traverse the VPN. I have a question on the most efficient method.

If the largest packet size is 1200 that replies from the ping test, should I set the MTU on the Publice interface of the VPN 3030 to 1242? Also, set the MTU on each client to Custom --> 1242 bytes?

I also have the default Public Fragmentation Policy on the VPN 3030. "Do not fragment prior to IPSec encapsulation; fragment prior to interface transmission"

Would this work best in most cases?

Thanks,

RJ

Labels:
0 Helpful
1 Reply 1

shijogeorge
Level 1
Level 1

‎08-09-2005 11:03 PM

Hi,

The MTU settings has to be changes at the client end only, not at the Concentrator end.

And I would suggest to go in for the Fragmentation policy "Fragment prior to IPSec encapsulation without Path MTU Discovery (Clear DF bit)" as this could avoid sending fragmented IP packets and this works fine in situations where ICMP is blocked also.

Regards,

Shijo George.

0 Helpful
Customers Also Viewed These Support Documents