Have a got an MTU problem? Advice needed

Hi Group,

We seem to having issues over a Site-To-Site VPN (PIX to CP-NG), this really shows itself when users are trying to access remote MS Exchange Email, or large downloads. Thinking to myself that I they could have an MTU issue I got myself on one of their server / workstations and started to use the command PING

-f -l ???? xxx.xxx.xxx.xxx.

If I use a value above 1415 I get, "Packet needs to be fragmented but DF set.". Which to me says I need to set the MTU on the PIX below this level.

If I go below this value I then get, "Request timed out.". A normal ping gets a response from the remote host. The MTU on the inside and outside interfaces of the PIX are set to the normal value of 1500. Am I looking at this the wrong way? Should I set the MTU's on both interfaces to 1410?

Thanks in advance for your pearls of wisdom. Jay

Reply to
thejayman
Loading thread data ...

In article , thejayman wrote: :We seem to having issues over a Site-To-Site VPN (PIX to CP-NG), this :really shows itself when users are trying to access remote MS Exchange :Email, or large downloads. :Thinking to myself that I they could have an MTU issue I got myself on :one of their server / workstations and started to use the command PING :-f -l ???? xxx.xxx.xxx.xxx.

:If I use a value above 1415 I get, :"Packet needs to be fragmented but DF set.". Which to me says I need to :set the MTU on the PIX below this level.

Check out the sysopt for tcpmss .

Reply to
Walter Roberson

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.