Hi,
Well, to get to the bottom the issue, we would need the show-tech of the device. If not the complete one then just the show-version and details of show interface and VPN relevant configuration.
Possibly you can try the following and check if the issue gets resolved.
Configure "crypto ipsec df-bit clear" and re-configure
"tunnel-path-mtu-discovery".
Also, configure "ip mtu 1400" under the tunnel interfaces:
int tun X
ip mtu 1400
crypto ipsec df-bit [clear | set | copy]
Example:
Router(config)# crypto ipsec df-hit set
Sets the DF bit for the encapsulating header in tunnel mode for all interfaces.
* The clear keyword clears the DF bit in the outer IP header, and the router may
fragment the packet to add the IP Security (IPSec) encapsulation.
* The set keyword sets the DF bit in the outer IP header, however, the router may
fragment the packet if the original packet had the DF bit cleared.
* The copy keyword has the router look in the original packet for the outer DF bit
setting. The copy keyword is the default setting.
Regards,
Abhishek Purohit
CCIE-S- 35269
Regards,
Abhishek Purohit
CCIE-S- 35269