This sounds somewhat like this link:
The quick summary is that the payload size can be a maximum of 1492 over PPPoE. This is due to the PPPoE header size + a PPP ID. One would think though that the Netopia box has been designed to take this into account. Is the 3015 negotiating packet sizes greater than 1492? Hope it helps. Arjen -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of David Armstrong Sent: March 21, 2002 1:31 PM To: [EMAIL PROTECTED] Subject: Re: 3015 VPN Concentrator & MTU's [7:39010] Unfortunately the Netopia's MTU size can't be changed so nothing is an option. I'm interested in your thought on which side needs changing though. Packets larger than (somewhere around) 1400 bits can't traverse the Netoia R9100 but can traverse the 3015 VPN Concentrator. To me that would seem to mean that the size of the packets sent from the 3015 to the Netopia are too large for the Netopia. Increasing the Netopia's MTU would allow it to see larger frames and therefore not fragment them as they come across. Since I'm able to sit on the Netopia and send packets across the 3015 into our network but am unable to send them from inside the Netopia's network across to the 3015 it seems that the problem is stemming from too small MTU size on the Netopia (packet comes to the inside interface of the Netopia R9100, is encapsulated and framed with an IPSec header added to the frame for encryption then sent to the outside interface of the Netopia. The outside interface fragments frames greater than 1500 bits and thus sends fragments out the DSL modem into the Internet - I think). I could be thinking in the wrong direction though and if I am would like to get thinking in the right. Currently it doesn't appear that I can decrease or increase MTU size on either device which leaves me thinking that my options are two: get a router to replace the Netopia that allows changes to MTU or change the settings for IPSec to decerase the size of the header it adds to the packet when the frame is created. I'm focusing on the second now. I need to get a better understanding of the components of IPSec first though. Thanks for you input, David Armstrong ""Daniel Cotts"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Seems that you need to decrease the MTU on the client (Netopia) side rather > than increase it. > > > -----Original Message----- > > From: David Armstrong [mailto:[EMAIL PROTECTED]] > > Sent: Wednesday, March 20, 2002 11:17 PM > > To: [EMAIL PROTECTED] > > Subject: 3015 VPN Concentrator & MTU's [7:39010] > > > > > > We have a 3015 VPN concentrator that I've connected to a > > vendor who has a > > Netopia R9100 router with a DSL (PPOE) connection to the Internet. The > > tunnel is fine but anything larger than ICMP dies. From > > talking to Netopia's > > tech support the problem is that the Netoia R9100 with PPOE > > supports MTU's > > of 1500 bits and can't be increased. I've sent pings with larger data > > packets and, sure enough, they died too. Given the vendor's > > equipment the > > solution appears to be to decrease MTU size on the 3015; > > however, I can't > > find a way to do this. > > > > Does anyone have any suggestions? > > > > Thanks, > > > > David Armstrong Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=39091&t=39010 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]