Running into MTU issues with VPN running on Cisco 7206VXR

Discussion in 'Cisco' started by amit1017, Oct 17, 2007.

  1. amit1017

    amit1017

    Joined:
    Oct 15, 2007
    Messages:
    2
    Likes Received:
    0
    Hi Everyone,

    I am having a strange problem. MY VPN Gateway is on Cisco 7206VXR, running 12.4(5a) code. Its peering with one of our client, who's VPN is Cisco 3700 router. My application is not able to send 1500 byte packets to the cilent. MTU on the VPN is set to 1500 byte. I know with the IPsec header, I was exceeding the MTU limitation, hence getting dropped.

    I had the application team clear the DF bit, hoping that it would fix the problem. But it didn't. On my packet capture, I see continuous re-transmissions of the same packet, followed by session disconnect (its the nature of the app - Its FIX traffic).

    I have been told, I should adjust the TCP MSS value on my VPN gateway. Can someone help me out on this? Will this solve my problem? How does adjusting MSS value help?

    My understanding is that when a TCP handshake is made, it overrides their MSS value with what we set. Is there any downside to changing the MSS value on the VPN? As it will be global change and affect all sessions through the VPN. Please help :(. Thanks in advance.

    Amit.
     
    amit1017, Oct 17, 2007
    #1
    1. Advertisements

  2. amit1017

    amit1017

    Joined:
    Oct 15, 2007
    Messages:
    2
    Likes Received:
    0
    Wondering if someone can provide any input? Thanks.
     
    amit1017, Oct 18, 2007
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.