You can see what the VPN is using for MTU like this:
cisco#sh int tu0 Tunnel0 is up, line protocol is up Hardware is Tunnel Internet address is 172.31.255.3/24 MTU 17912 bytes, BW 100 Kbit/sec, DLY 50000 usec, reliability 255/255, txload 17/255, rxload 5/255
Here's my recommended default config for ADSL:
interface Dialer0 ip mtu 1492 interface Tunnel0 ip mtu 1500 ip tcp adjust-mss 1400
Some troubleshooting info:
I'd suggest to watch “show ip traffic” and monitor fragmented packet count.
Regarding fergmentation it should be enough to set MSS on tunnel interfaces.Both endpoints will always pick lowest MSS value of the two introduced in TCP headers in SYN and SYN ACK.
What I would do first of all is check the tunnel to see what is maximum data you can send.
For example:ping 126.96.36.199 sou 188.8.131.52 df-bit size 1300
- Ping from both your hub and spoke 184.108.40.206 and 220.127.116.11 should be tunnel IP addresses.
- Increase the size in incrementes of 10 to see where it will start failing.
This is how you can check the path MTU between hub and spoke (of course one of possible ways).