VPN and MTU size.

When you do thisover ADSL is there some MTU Overhead for the VPN also.

It is failing even though we can ping end points.

I.e Outlook fails even though telner 25 works so seems to be some packet size issue over the VPN.

Had the same problem for regular traffic without a VPN but adjusted various MTU / PMTU sizes and all seemed OK.

Is there an equivalent for VPN MTU ?

Reply to
Loading thread data ...

Hi Gary,

There is overhead when you take into account the ESP/AH headers/trailers and encryption.

I think your answer lies in lowering the Maximum TCP segment size on the relevant interfaces. Are you using Cisco Routers as the endpoints? If so then on the interfaces on either side of the tunnel, you will need to play around with the segment size with this command under the interfaces. "ip tcp adjust-mss 1440" Try playing around with this value ie lowering it if necessary and see if Outlook works. Telnet is comprised of much smaller packets so you cant test with that.

Hope this helps,


Reply to

End user to end user have a cisco at one end and a cheapo ADSL router at the other. They connect to the same central ADSL pipe which terminates with the ADSL provider.

We connect the ADSL provider over a VPDN L2TP so they appear invisible in any traceroutes etc.

When not using a VPN end users can do everything they need but after the VPN is up the trouble starts. Our router for the VPDN is also aCisco.


Reply to

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.