Options

VPN and packet size

wayniacwayniac Member Posts: 6 ■□□□□□□□□□
in CCNP Security
Is there away to adjust the media mtu in a vpn or any other suggestions to enlarge packet size that will go through a vpn? What I have is a vpn setup in between two locations that comes up fine but need to have the ability to send a larger packet accross. Tried raising the MTU to 1500 on the inside and outside interfaces. What I found was no matter what i set that number to in the "show crypto ipsec sa" the media mtu always stayed 1500 and it was the path-mtu that changed.

Any suggestions, packet size we are hoping for to go through would be 1472. Where we are at now is a max packet size of 1376 because of a gre also going through the tunnel.
· Share on FacebookShare on Twitter

Comments

  • Options
    Bl8ckr0uterBl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□
    Scotech :: Knowledge Base (KB) have to change the MTU on some of our VPN devices from time to time.
    · Share on FacebookShare on Twitter
  • Options
    dtlokeedtlokee Member Posts: 2,378 ■■■■□□□□□□
    Before you can consider increasing the MTU you need to ensure that the undelying network infrastructure can support the larger packet sizes. It may be possible that PMTUD is what is determining the maximum size of the packet that the underlying network can support. Also it's not that you can't send larger packets than the VPN allows, you can you will pay the penalty in processing due to fragmentation, and may have issues with any applications that like to mark their packets as DF unless you do something to clear the DF bit.
    The only easy day was yesterday!
    · Share on FacebookShare on Twitter
  • Options
    wayniacwayniac Member Posts: 6 ■□□□□□□□□□
    Thank you to both of you, learned something. Ended up ditching the vpn and ended up ordering a fiber between these sites. It was the long term plan, but just ended up happening sooner rather than later.
    · Share on FacebookShare on Twitter
Sign In or Register to comment.