Cisco IPSEC MTU not correct

[JackoReturns]

I have a MTU problem on my network which I cannot seem to resolve. Manually adjusting MTU to 1400 on windows clients works however I need it to work on the Cisco: The LAN is configured as such:

PIX firewall - Cisco 2651XM - LAN

The 2651XM creates IPec tunnels to remote offices on ADSL with Cisco 1701. I have tried the following commands as recommended by Cisco:

crypto ipsec df-bit clear
int fa0/1
crypto ipsec df-bit copy

Also tried the following on the PIX 515E to allow MTU adjustment:

access-list 20 permit icmp any any unreachable
access-list 20 permit icmp any any time-exceeded

Your help would be appreciated

 

[mrueckbr]

Hi,

Try to use a police-map inbound on the ethernet.
conf t
access-list 199 permit ip any any
route-map clear-df-bit permit 10
match ip address 199
set ip df 0
ethernet 0
ip policy route-map clear df-bit
end

 

[webnetwiz]

Have you tried ip tcp-adjust mss 14xx command in interface config mode?