Re: [fw-wiz] Fragmentation over VPN
- From: "kevin horvath" <kevin.horvath@xxxxxxxxx>
- Date: Sun, 11 Mar 2007 20:15:39 -0500
On both interfaces reduce the size to say about 1350 max to take into
account the ipsec overhead. Otherwise larger packets will be dropped since
when they go to the interface ipsec (esp) overhead will put the packet over
the 1500 allowed across most router interfaces in route:
ie do this:
ip tcp adjust-mss 1350
On 3/8/07, Alex <anobre1@xxxxxxxxx> wrote:
_______________________________________________
Hi everyone,
First time poster here (as if anyone cared <g>).
I have this scenario:
Three offices need to connect via IPSec (L2L) and each also runs EZVPN
server for clients to connect to.
There is a 506E, and ASA5510 and an ISR 1801W. The configuration for the
506E and ASA5510 were easy enough and everything is working fine. On the
1801 is a different story. I get the SA's done with no problems, but then
no
other traffic flows through and I suspect this has to do with
fragmentation.
On the outside interface (Dialer1), I have "mtu 1492" and on the inside
(VLAN1) I have "ip tcp adjust-mss 1452". Everyone behind the device can
browse the internet without any problems (yes, PAT).
Can some kind soul please provide some ideas on how to get around it?
Much appreciated.
Alex.
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
- References:
- [fw-wiz] Fragmentation over VPN
- From: Alex
- [fw-wiz] Fragmentation over VPN
- Prev by Date: [fw-wiz] Firewall bake-off?
- Next by Date: Re: [fw-wiz] Firewall bake-off?
- Previous by thread: [fw-wiz] Fragmentation over VPN
- Next by thread: [fw-wiz] Firewall bake-off?
- Index(es):
Relevant Pages
|
