VPN MTU Issue

J001 · Oct 29, 2010

We are upgrading Internet, the ISP has provided a separate router and ONT to connect.

When connecting to new ISP router the Internet works fines but our Site-to-Site VPN connection fails.

Prod Switch-->Nortel VPN-->Cisco 1800->ISP Router->Internet

I have been asked to set the MTU on the external interface on our equipment (Cisco 1800) to ISP to MTU 1440.

The Nortel VPN operates at MTU 1788.

1) Is IP MTU on interface going to be sufficient ?
2) Will this cause issues with VPN operating at 1788 ?

TIA

joeccie · Oct 30, 2010

Add this to your LAN interface, ip adjust-mss 1452. This will reduce the mtu to take into account the DSL overhead.

Thanks,
Joe

http://certificationchat.com

J001 · Oct 30, 2010

Hi Joe,

This is a Fibre broadband service.

Should this not be identical to mtu setting ?

ip mtu 1440
ip adjust-mss 1452

Is this still likely to cause issues with applications sending larger IP packets with the DF (Don't Fragment) flag set ?

Thanks,

Jay

brianinms · Oct 30, 2010

You are going to have to clear the df bit for the vpn to work. If it can't fragment the packet most vpn devices drop the packet.

joeccie · Oct 31, 2010

ip mtu 1440 - adjusts the mtu on traffic terminating on the router.
ip adjust-mss 1452 - adjusts the mtu on traffic flowing through the router.

Thanks,
Joe

http://certificationchat.com

Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

VPN MTU Issue

J001

Technical User

joeccie

Technical User

J001

Technical User

brianinms

MIS

joeccie

Technical User

Similar threads

Part and Inventory Search

Sponsor