Have a got an MTU problem? Advice needed

Discussion in 'Cisco' started by thejayman, Jul 30, 2005.

  1. thejayman

    thejayman Guest

    Hi Group,

    We seem to having issues over a Site-To-Site VPN (PIX to CP-NG), this
    really shows itself when users are trying to access remote MS Exchange
    Email, or large downloads.
    Thinking to myself that I they could have an MTU issue I got myself on
    one of their server / workstations and started to use the command PING
    -f -l ???? xxx.xxx.xxx.xxx.

    If I use a value above 1415 I get,
    "Packet needs to be fragmented but DF set.". Which to me says I need to
    set the MTU on the PIX below this level.

    If I go below this value I then get, "Request timed out.". A normal
    ping gets a response from the remote host.
    The MTU on the inside and outside interfaces of the PIX are set to the
    normal value of 1500. Am I looking at this the wrong way? Should I set
    the MTU's on both interfaces to 1410?

    Thanks in advance for your pearls of wisdom.
    Jay
     
    thejayman, Jul 30, 2005
    #1
    1. Advertising

  2. In article <>,
    thejayman <> wrote:
    :We seem to having issues over a Site-To-Site VPN (PIX to CP-NG), this
    :really shows itself when users are trying to access remote MS Exchange
    :Email, or large downloads.
    :Thinking to myself that I they could have an MTU issue I got myself on
    :eek:ne of their server / workstations and started to use the command PING
    :-f -l ???? xxx.xxx.xxx.xxx.

    :If I use a value above 1415 I get,
    :"Packet needs to be fragmented but DF set.". Which to me says I need to
    :set the MTU on the PIX below this level.

    Check out the sysopt for tcpmss .
    --
    "Who Leads?" / "The men who must... driven men, compelled men."
    "Freak men."
    "You're all freaks, sir. But you always have been freaks.
    Life is a freak. That's its hope and glory." -- Alfred Bester, TSMD
     
    Walter Roberson, Jul 30, 2005
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. spike240

    have you got any of these i can have

    spike240, Sep 13, 2005, in forum: Case Modding
    Replies:
    4
    Views:
    2,324
    XhArD
    Sep 14, 2005
  2. Henrik
    Replies:
    2
    Views:
    2,459
    Henrik
    Jan 6, 2004
  3. supernet

    VPN MTU problem

    supernet, Feb 3, 2004, in forum: Cisco
    Replies:
    3
    Views:
    16,473
    Hansang Bae
    Feb 4, 2004
  4. Bill B.
    Replies:
    7
    Views:
    4,142
    Captain
    May 13, 2004
  5. V. Evans

    ip mtu / interface mtu

    V. Evans, Aug 19, 2005, in forum: Cisco
    Replies:
    1
    Views:
    21,057
    www.BradReese.Com
    Aug 19, 2005
Loading...

Share This Page