ipsec mtu determination

can anyone help with my understanding (or lack of !) as to how an IOS host calculates or determines the path mtu (ip mtu) as is reported by "show crypto ipsec sa"

the observed behaviour is one of values that seem to vary over time, and also with values not necessarily the same at each end

i suspect perhaps issues of inconsistency between different IOS versions at each end;

c1700-advsecurityk9-m (version 12.4(3) c837-k903sy6-m (version 12.3(2)

also for ref we are running both connection on PPPoA (broadband supplied by BT) on both ends so i assume the physical network characteristics to be the same.

Thanks

Reply to
Graham Turner
Loading thread data ...

I know that this is not answering the question (sorry) however my view of this matter is not to worry about it and to put

int xx ip tcp adjust-mtu 1300

somewhere in the path.

Quite a few MTU issues dissapeared forever.

Of course if you use UDP?

This is not available on 6500 but will be available on "routers".

Clearly it is possible to tune the value for a bit higher mtu but I don't think that it is worth worrying abut a few bytes here and there.

Reply to
Bod43

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.