Hi Steve,
Is the MTU size of 1476 a limitation of the encryption, or merely because of
the overheads added by the encryption knocking it down from 1500. Is it a
possibility to increase the MTU size on the link?
Gaz
"Phil Barker" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Steve,
> Without CLI access your going to struggle.
> Q : How far does the traceroute get, from the send
> node ?
>
> try rfc 792 ICMP
> http://www.landfield.com/rfcs/rfc792.html
>
> >> SNIP from RFC 792
>
> If a host reassembling a fragmented datagram
> cannot complete the
> reassembly due to missing fragments within its
> time limit it
> discards the datagram, and it may send a time
> exceeded message.
>
> If fragment zero is not available then no time
> exceeded need be
> sent at all.
>
> Good luck,
>
> Phil.
>
>
>
> --- "Donohue, Steve" <[EMAIL PROTECTED]> wrote:
> > Good Afternoon All,
> >
> > I am currently trying to resolve an issue where we
> > are having trouble
> > sending data across a tunnel running GRE encryption.
> > With this encryption
> > employed the MTU size allowed is decreased to 1476.
> > When we attempt to send
> > traffic (email, ftp, etc...) through the tunnel, we
> > are finding that it does
> > not work.
> >
> > My sniffer trace is showing that the frames being
> > sent are setting the DF
> > bit, which I would expect. I would then expect that
> > if the router is unable
> > to send the packet, it would drop it and return an
> > ICMP message back to the
> > source telling it to decrease the packet size and
> > try it again. I am not
> > seeing any of these messages.
> >
> > We are running HSRP on the ethernet interfaces that
> > connect to my LAN. I
> > believe we are running a 12.0 IOS release, although
> > I am not sure of the
> > actual version.
> >
> > Does anyone have any ideas why this might be
> > happening? I am trying to
> > resolve this issue while having no CLI access to the
> > routers. I have been
> > informed by the controlling body that there are no
> > access lists prohibiting
> > ICMP messages from being sent, and there are no
> > firewall rules in place that
> > would be dropping the ICMP messages.
> >
> > Any and all explanations of possible
> > causes/resolutions would be
> > appreciated.
> >
> > Steve D.
> >
> >
> >
> >
> >
>
>
> ____________________________________________________________
> Do You Yahoo!?
> Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk
> or your free @yahoo.ie address at http://mail.yahoo.ie
>
> _________________________________
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
