VPN and MTU size.

Discussion in 'Cisco' started by Gary, Apr 23, 2005.

  1. Gary

    Gary Guest

    When you do this over ADSL, is there some MTU overhead for the VPN also?

    It is failing even though we can ping end points.

    I.e. Outlook fails even though telnet <server> 25 works so seems to be some
    packet size issue over the VPN.

    Had the same problem for regular traffic without a VPN but adjusted various
    MTU / PMTU sizes and all seemed OK.

    Is there an equivalent for VPN MTU ?

    Gary, Apr 23, 2005
  2. Gary

    RobO Guest

    Hi Gary,

    There is overhead when you take into account the ESP/AH
    headers/trailers and encryption.

    I think your answer lies in lowering the Maximum TCP segment size on
    the relevant interfaces.
    Are you using Cisco Routers as the endpoints?
    If so then on the interfaces on either side of the tunnel, you will
    need to play around with the segment size with this command under the
    "ip tcp adjust-mss 1440"
    Try playing around with this value, i.e. lowering it if necessary, and see
    if Outlook works.
    Telnet is comprised of much smaller packets so you can't test with that.

    Hope this helps,

    RobO, Apr 23, 2005
  3. Gary

    Gary Guest

    End user to end user have a Cisco at one end and a cheapo ADSL router at the
    other. They connect to the same central ADSL pipe which terminates with the
    ADSL provider.

    We connect the ADSL provider over a VPDN L2TP so they appear invisible in
    any traceroutes etc.

    When not using a VPN end users can do everything they need but after the VPN
    is up the trouble starts. Our router for the VPDN is also a Cisco.

    Gary, Apr 24, 2005
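
An added worked example, not part of the thread: it computes how large a TCP segment can be before the ESP overhead mentioned in the reply above pushes the encrypted packet past the path MTU, which is the number to compare against an `ip tcp adjust-mss` value. The thread does not state the link type or IPsec transform, so the path MTUs (1492 assumes PPPoE on the ADSL line), the cipher and the authentication algorithm are all assumptions, and the function names are hypothetical.

```python
# Added example: largest TCP MSS that passes an ESP tunnel unfragmented.
# Link and cipher parameters are assumptions; the thread does not state them.

IP_HDR = 20        # IPv4 header, no options
TCP_HDR = 20       # TCP header, no options
ESP_HDR = 8        # SPI (4) + sequence number (4)
ESP_TRAILER = 2    # pad length (1) + next header (1)

# name: (IV bytes, cipher block bytes)
CIPHERS = {"3des-cbc": (8, 8), "aes-cbc": (16, 16)}
# name: ICV bytes appended by the integrity algorithm
AUTHS = {"hmac-sha1-96": 12, "hmac-md5-96": 12, "none": 0}


def esp_packet_size(inner_len, cipher, auth):
    """On-the-wire size of a tunnel-mode ESP packet carrying inner_len bytes."""
    iv, block = CIPHERS[cipher]
    # Inner packet plus trailer is padded up to a whole number of cipher blocks.
    padded = -(-(inner_len + ESP_TRAILER) // block) * block
    return IP_HDR + ESP_HDR + iv + padded + AUTHS[auth]


def max_inner_packet(path_mtu, cipher, auth):
    """Largest inner IP packet whose ESP encapsulation fits in path_mtu."""
    iv, block = CIPHERS[cipher]
    room = path_mtu - IP_HDR - ESP_HDR - iv - AUTHS[auth]
    return (room // block) * block - ESP_TRAILER


def max_mss(path_mtu, cipher="3des-cbc", auth="hmac-sha1-96"):
    """TCP MSS to clamp to so full-size segments are never fragmented."""
    return max_inner_packet(path_mtu, cipher, auth) - IP_HDR - TCP_HDR


if __name__ == "__main__":
    # Constructed sample path MTUs: plain Ethernet, PPPoE (1500 - 8), and a
    # lower value standing in for additional L2TP/PPP encapsulation.
    for mtu in (1500, 1492, 1460):
        for cipher in CIPHERS:
            inner = max_inner_packet(mtu, cipher, "hmac-sha1-96")
            wire = esp_packet_size(inner, cipher, "hmac-sha1-96")
            print(f"path MTU {mtu} {cipher:9s} inner<={inner} "
                  f"wire={wire} mss<={max_mss(mtu, cipher)}")
```

Under these assumptions a segment sent with an MSS of 1440 becomes a 1536-byte ESP packet, which does not fit a 1500-byte path, so the clamp has to go lower before large transfers such as Outlook traffic pass cleanly.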
