[afnog] VPN mtu
Onowojo E.
onowojemma at yahoo.com
Fri Aug 3 20:51:20 UTC 2012
Hello all,
i just configure an ipsec site to site vpn between Asa and a cisco 2811 router using cisco ASDM and CCP ,but the tunnel comes up when i did and extended ping and after a while it goes down i try use cisco configuration professional (ccp ) to trouble shoot the link and it bring out this error "A ping with data size of this VPN interface MTU size and 'Do not Fragment' bit set to the other end VPN device is failing. This may happen if there is a lesser MTU network which drops the 'Do not fragment' packets."
CCp suggests I can use crypto ipsec df-bit clear to resolve this or contact our ISP to resolve
i have reduce the mtu on the ASA and the router to 1300,1460, 1400 and 1480 but still the network is slow and the tunnel will just go off when more user use the network and the tunnel goes down.
they are for branch and linking to the asa.
thanks for all you support in advance
I
God be with u all
A true friend is someone who reaches for your hand and touches your heart.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://afnog.org/pipermail/afnog/attachments/20120803/84106688/attachment-0001.html>
More information about the afnog
mailing list