Problems sending large packets through IPSec tunnel

netstaff
Level 1

We currently have an IPSec tunnel between a PIX 515 in our main office and a 2801 router at our branch office. The tunnel appears to be having fragmentation issues (problems sending large packets through our network), which is causing several of our programs not to work. We have set the MTU size on the outside interface of the PIX to 1400 bytes and we have set the TCP MTU path discovery on the 2801 router. Does the PIX 515 OS ver 6.3 utilize frag guard or some other feature that could be causing this problem?

2 Replies

krishnakomiti
Level 1

Hi,

Use this command on the existing router interface: "crypto ipsec fragmentation before-encryption", and on the PIX side: "crypto ipsec fragmentation before-encryption outside". I hope this will help with your problem and the fragmentation issue will no longer show up.

lgginever
Level 1

Have a look at this URL - it will probably solve your problem:

http://www.cisco.com/warp/public/105/56.html

I have had success in the past clearing the DF bit in a situation where decreasing the MTU didn't work (due to the ICMP path back to the server being blocked, as described in the article).
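
The size arithmetic behind the replies above, as an added example that is not part of the original thread: it computes how much ESP tunnel mode adds to a packet, the largest inner packet that fits a given path MTU, and what happens to a larger one depending on the DF bit. The transform parameters (3DES-CBC or AES-CBC with a 96-bit HMAC, IPv4, no NAT-T) are assumptions, since the thread does not state the transform set in use.

```python
# Added example: ESP tunnel-mode size arithmetic (IPv4, no NAT-T).
# Assumption: the transform values below are common choices; the thread
# does not say which transform set the PIX 515 / 2801 tunnel uses.
OUTER_IP = 20     # outer IPv4 header, no options
ESP_HDR = 8       # SPI + sequence number
ESP_TRAILER = 2   # pad-length byte + next-header byte
ICV = 12          # HMAC-SHA1-96 or HMAC-MD5-96 authentication data

# transform name -> (cipher block size, IV size), both in bytes
TRANSFORMS = {"3des-cbc": (8, 8), "aes-cbc": (16, 16)}


def esp_size(inner_len, transform="3des-cbc"):
    """On-the-wire size of an inner IP packet after ESP tunnel encapsulation."""
    block, iv = TRANSFORMS[transform]
    # Payload plus trailer is padded up to a whole number of cipher blocks.
    padded = -(-(inner_len + ESP_TRAILER) // block) * block
    return OUTER_IP + ESP_HDR + iv + padded + ICV


def max_inner(path_mtu, transform="3des-cbc"):
    """Largest inner IP packet whose encrypted form still fits path_mtu."""
    block, iv = TRANSFORMS[transform]
    room = path_mtu - OUTER_IP - ESP_HDR - iv - ICV
    return (room // block) * block - ESP_TRAILER


def max_tcp_mss(path_mtu, transform="3des-cbc"):
    """TCP MSS that avoids fragmentation (20-byte IP + 20-byte TCP headers)."""
    return max_inner(path_mtu, transform) - 40


def outcome(inner_len, df_set, path_mtu, transform="3des-cbc"):
    """What happens to an inner packet that must cross the tunnel."""
    if esp_size(inner_len, transform) <= path_mtu:
        return "fits"
    if df_set:
        # The sender only learns the smaller MTU if the ICMP
        # "fragmentation needed" message is not filtered on the way back.
        return "dropped; relies on ICMP reaching the sender"
    return "fragmented"


if __name__ == "__main__":
    # 1400 is the MTU the original poster set on the PIX outside interface.
    for mtu in (1500, 1400):
        for name in TRANSFORMS:
            print(mtu, name, "max inner:", max_inner(mtu, name),
                  "max MSS:", max_tcp_mss(mtu, name))
    print(outcome(1500, True, 1500), "|", outcome(1500, False, 1500))
```

A full-size 1500-byte packet with DF set lands in the "dropped" case, which is the situation the last reply describes when the ICMP path back to the server is blocked.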