Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Cisco IPSEC MTU not correct

Status
Not open for further replies.
JackoReturns

JackoReturns

MIS
Aug 6, 2004
3
GB
I have a MTU problem on my network which I cannot seem to resolve. Manually adjusting MTU to 1400 on windows clients works however I need it to work on the Cisco: The LAN is configured as such:

PIX firewall - Cisco 2651XM - LAN

The 2651XM creates IPec tunnels to remote offices on ADSL with Cisco 1701. I have tried the following commands as recommended by Cisco:

crypto ipsec df-bit clear
int fa0/1
crypto ipsec df-bit copy

Also tried the following on the PIX 515E to allow MTU adjustment:

access-list 20 permit icmp any any unreachable
access-list 20 permit icmp any any time-exceeded

Your help would be appreciated

 
Sort by date Sort by votes
Hi,

Try to use a police-map inbound on the ethernet.
conf t
access-list 199 permit ip any any
route-map clear-df-bit permit 10
match ip address 199
set ip df 0
ethernet 0
ip policy route-map clear df-bit
end
 
Upvote 0 Downvote
Have you tried ip tcp-adjust mss 14xx command in interface config mode?
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

MottoK
  • Locked
  • Question
Cisco ISE blank GUI
Replies
0
Views
246
MottoK
MottoK
intel233
  • Locked
  • Question
Cisco ASA - VPN Question
Replies
6
Views
297
intel233
intel233
intel233
  • Locked
  • Question
Cisco ASA 5510 -Static NAT Help
Replies
8
Views
325
intel233
intel233
AllenH12
  • Locked
  • Question
Bandwidth in Cisco ASA 5505
Replies
2
Views
204
AllenH12
AllenH12
WhosYourDiffie
  • Locked
  • Question
Cisco ASA 5506 VPN for Avaya Phones
Replies
0
Views
88
WhosYourDiffie
WhosYourDiffie

Part and Inventory Search

Sponsor

Back
Top