Hello everyone, I experienced several MTU-related problems on site-to-site vpn tunnels, e=2Eg. certain applications work well whereas others crash or don=B4t work at all.
I did some tests but still MTU size is a mystery to me. I assumed, that a ping from different clients from LAN A through VPN to server in LAN B with don=B4t fragment bit set should result in the same possible maximum packet size, but I experienced different sizes. How is max packet size calculated? Of course it depends on the kind of tunnel etc., but why do I get different max sizes?
Most tunnels I have tried were configured between two Cisco 1841, some parts of configuration as following: .=2E. ip tcp path-mtu-discovery .=2E. crypto ipsec df-bit clear .=2E. interface Tunnel0 ip address 10.200.200.2 255.255.255.252 ip ospf authentication-key 7 xxx ip ospf cost 10 ip ospf mtu-ignore qos pre-classify tunnel source 17.0.0.2 tunnel destination 17.0.0.1 tunnel mode ipsec ipv4 tunnel protection ipsec profile XXX ! interface FastEthernet0/0 description Standleitung ip address 17.0.0.2 255.255.255.0 ip mtu 1400 speed 100 full-duplex !
I changed several settings above, such as "ip tcp path-mtu-discovery" on or off etc., but still I didn=B4t get an result that fits to my calculations... Any tips, suggestions and also further readings are appreciated. Thanks, Julian