I have Bell South DSL, and I'm using Cisco VPN client V 4.0.2. I'm getting "VPN disconnect" messages throughout the day. Problem happens while passing traffic and after idle times. any suggestions?
Chances are that the Cisco VPN software has the utility to adjust the MTU built-in. There should be a shortcut in the Start Menu that says "Set MTU" under the Cisco VPN folder.
Since it's DSL, try setting it to 1492. If that doesn't help, try a lower setting of 1400. If there's still an issue after that, then it's not likely an MTU conflict.
~cdogg
[tab]"All paid jobs absorb and degrade the mind";
[tab][tab]- Aristotle
[tab][navy]For general rules and guidelines to get better answers, click here:[/navy] faq219-2884
I support VPN users that use all sorts of connections - Cable, Dial-up, DSL, ISDN, etc. From my experience, the only time the MTU setting generally matters is over DSL PPPoE connections. These links help explain it in more detail:
This link shows a more systematic approach using the ping -l -f command to find the exact setting you need. The only reason why I don't normally recommend this method is because it's tedious and takes more time. Losing 30 or 40 bytes in the MTU setting by guessing or approximating doesn't slow the speed of the connection by very much. Here's that link:
So when you say "it's not decidely a standard value", I agree to a certain extent. However the "value range" I gave is based on experience and the schematics of the PPPoE protocol.
~cdogg
[tab]"All paid jobs absorb and degrade the mind";
[tab][tab]- Aristotle
[tab][navy]For general rules and guidelines to get better answers, click here:[/navy] faq219-2884
I am not doubting your advice above, my original point was to look at the MTU settings and adjust them.
1492 works for most PPoE, with the notable exception of AOL DSL. You advice to test using ping seems perfectly reasonable, or use a tweak site as I recommended above.
It was my understanding that the CISCO VPN client (as do others) uses a larger header to accomodate NAT traversal, and the MTU will differ from the physical DSL connection value. This requires something more than standard MTU testing procedures, and here your ping test may let you down:
OK, I'm not at odds either overall, but perhaps through this discussion we can clear a few things up.
1492 directly refers to the max for the PPPoE protocol. That's without taking into consideration other packet headers which might be tacked on by AOL or other applications like Cisco's. This "tacking on", as you well know, is what causes the lower MTU in certain situations.
With that said and agreed on, I also want to clarify that I rarely use the ping test. I usually move in increments of 30 or 40 at a time until I hit a spot that works.
Would you mind explaining your comment "[blue]...the MTU will differ from the physical DSL connection value. This requires something more than standard MTU testing procedures...[/blue]." Though I don't use it often, the ping test should be sufficient in this respect. If connected over VPN, the ping command will run into the same limitations of both the protocol and the software/hardware being used. So in this case, the MTU that works for a ping should also work for the VPN connection as a whole. That's how I understand it anyway.
~cdogg
[tab]"All paid jobs absorb and degrade the mind";
[tab][tab]- Aristotle
[tab][navy]For general rules and guidelines to get better answers, click here:[/navy] faq219-2884
Do I really have to acknowledge that? Of course I did.
Neither link provides an explanation as to WHY the ping test is inefficient. FAQ 7724 is just a link to FAQ 7752 which in turn says nothing more than "[blue]The standard Ping Test is not the best way to determine your optimum MTU when using a VPN client.[/blue]". I'm not disagreeing with it necessarily, but that's not good enough without at least an explanation why.
Even at the Cisco support site, they recommend using the ping test. Have a look under the MTU section at:
So that takes me back to my question to you. Care to explain it in your own words?
~cdogg
[tab]"All paid jobs absorb and degrade the mind";
[tab][tab]- Aristotle
[tab][navy]For general rules and guidelines to get better answers, click here:[/navy] faq219-2884
By default, a Windows XP PPPoE connection uses an MTU size that is 20 bytes less than the IP MTU of the LAN adapter over which the PPPoE packets are sent, which in most cases is 1480 bytes. The 20 bytes of overhead consist of the PPPoE header (6 bytes), the largest possible outer PPP header (4 bytes), the largest possible Multilink PPP header (4 bytes), the largest possible PPP header for compression and encryption (4 bytes), and the PPP header that identifies the actual packet being sent (2 bytes).
A ping test only reveals the maximum PPoE packet size, it does not factor the larger header often used in PPoE to encapsulate the packet to accomodate NAT Traversal concerns.
I think I understand where you're coming from a little better now. Thanks for the explanation.
~cdogg
[tab]"All paid jobs absorb and degrade the mind";
[tab][tab]- Aristotle
[tab][navy]For general rules and guidelines to get better answers, click here:[/navy] faq219-2884
I ran the ping -l -f command. the lowest setting I can use when vpn is running is around 1250. The default setting is 1300, so I'll make a change and monitor what happens and reply back.
This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.