Hi Group,
We seem to having issues over a Site-To-Site VPN (PIX to CP-NG), this really shows itself when users are trying to access remote MS Exchange Email, or large downloads. Thinking to myself that I they could have an MTU issue I got myself on one of their server / workstations and started to use the command PING
-f -l ???? xxx.xxx.xxx.xxx.
If I use a value above 1415 I get, "Packet needs to be fragmented but DF set.". Which to me says I need to set the MTU on the PIX below this level.
If I go below this value I then get, "Request timed out.". A normal ping gets a response from the remote host. The MTU on the inside and outside interfaces of the PIX are set to the normal value of 1500. Am I looking at this the wrong way? Should I set the MTU's on both interfaces to 1410?
Thanks in advance for your pearls of wisdom. Jay