Hi Thomas,
The answer is looking around and do some sniffing. The easy answer
which I just used in a lab environment is to use an access-list to deny
and fragments. We used it mainly to test IPX with GRE and force IPX to
negotiate a bigger packet size than the standard 570 (I think). Use the
keyword "Fragments" to deny any packets with that bit set.
deny ip any any fragments.
Nabil
"I have never let my schooling interfere with my education."
"Thomas
N."
To:
[EMAIL PROTECTED]
Sent by:
cc:
nobody@groupstudy Subject: MTU size for
IPSec+GRE tunnel [7:62161]
.com
01/29/2003
10:05
PM
Please respond
to
"Thomas
N."
Hi All,
I am trying to avoid fragmentation of packets across the IPSec+GRE
tunnel
with "transform-set" using "ah-sha-hmac" AND "esp-3des" for header
authentication and payload encryption. What size of MTU or "TCP
addjust-MSS" should I use for maximum performance? I tried out couple
values and found TCP adjust-mss of 1076 worked out OK most, but still
don't
understand why. According Cisco whitepaper, reducing MTU to about 1400
should void the fragmentation but it didn't work in my case. Please
help.
Thanks!
Thomas
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62182&t=62161
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
