[afnog] VPN mtu
Onowojo E.
onowojemma at yahoo.com
Fri Aug 3 21:32:50 UTC 2012
Thanks for your reply Seun i did it on the interface connecting to the internet (outside interface)
God be with u all
A true friend is someone who reaches for your hand and touches your heart.
________________________________
From: Seun Ojedeji <seun.ojedeji at gmail.com>
To: Onowojo E. <eonowojo at yahoo.com>
Cc: Nigeria Nog <afnog at afnog.org>
Sent: Friday, August 3, 2012 10:26 PM
Subject: Re: [afnog] VPN mtu
Hello Emmanuel,
On which interface did you do the reduction? trust its on the local side of the link? and you used something similar to below:
ip tcp adjust-mss 1300
Perhaps you could check packet size that goes through and then configure with that, you can use the following(i am using debian): ping <other side url>-s 1300 (increase or reduce the MTU untill you get a perfect one and then apply the command above)
Cheers!
On Fri, Aug 3, 2012 at 9:51 PM, Onowojo E. <onowojemma at yahoo.com> wrote:
Hello all,
>i just configure an ipsec site to site vpn between Asa and a cisco 2811 router using cisco ASDM and CCP ,but the tunnel comes up when i did and extended ping and after a while it goes down i try use cisco configuration professional (ccp ) to trouble shoot the link and it bring out this error "A ping with data size of this VPN interface MTU size and 'Do not Fragment' bit set to the other end VPN device is failing. This may happen if there is a lesser MTU network which drops the 'Do not fragment' packets."
>CCp suggests I can use crypto ipsec df-bit clear to resolve this or contact our ISP to resolve
>i have reduce the mtu on the ASA and the router to 1300,1460, 1400 and 1480 but still the network is slow and the tunnel will just go off when more user use the network and the tunnel goes down.
>they are for branch and linking to the asa.
>thanks for all you support in advance
>I
>
>God be with u all
>A true friend is someone who reaches for your hand and touches your heart.
>
>
>_______________________________________________
>afnog mailing list
>http://afnog.org/mailman/listinfo/afnog
>
--
------------------------------------------------------------------------
Seun Ojedeji,
>Federal University Oye-Ekiti
>web: http://www.fuoye.edu.ng
>Mobile: +2348035233535
>alt email:seun.ojedeji at fuoye.edu.ng
>
_______________________________________________
afnog mailing list
http://afnog.org/mailman/listinfo/afnog
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://afnog.org/pipermail/afnog/attachments/20120803/847dc3f1/attachment.html>
More information about the afnog
mailing list