Mundy

IT Knowledge Base

User Tools

Site Tools


Sidebar

Contact me at dan@mundy.co for any feedback or suggestions.


My other sites:

Search all my sites:

cisco_vpns_and_mtu

You can see what the VPN is using for MTU like this:

    cisco#sh int tu0
    Tunnel0 is up, line protocol is up
      Hardware is Tunnel
      Internet address is 172.31.255.3/24
      MTU 17912 bytes, BW 100 Kbit/sec, DLY 50000 usec,
         reliability 255/255, txload 17/255, rxload 5/255




Here's my recommended default config for ADSL:

    interface Dialer0
     ip mtu 1492
    interface Tunnel0
     ip mtu 1500
     ip tcp adjust-mss 1400

Some troubleshooting info:

I'd suggest to watch “show ip traffic” and monitor fragmented packet count.

Regarding fergmentation it should be enough to set MSS on tunnel interfaces.Both endpoints will always pick lowest MSS value of the two introduced in TCP headers in SYN and SYN ACK.

What I would do first of all is check the tunnel to see what is maximum data you can send.

For example:

ping 1.1.1.1 sou 2.2.2.2 df-bit size 1300
  1. Ping from both your hub and spoke 1.1.1.1 and 2.2.2.2 should be tunnel IP addresses.
  2. Increase the size in incrementes of 10 to see where it will start failing.

This is how you can check the path MTU between hub and spoke (of course one of possible ways).

Cisco forum

cisco_vpns_and_mtu.txt · Last modified: 2018/04/09 09:56 (external edit)