Hi Fabio,

It certainly sounds like an MTU issue.  Most Cisco ATM interfaces have a
default MTU of 4470 on the main interface.  Sub-interfaces can have a
smaller or up to the same value as the main interface.  If you issue the
command "show interface atm #/#" it will tell you what the MTU size
is set to on that interface.  If you need to configure the MTU on the
subinterface you would use the "MTU ####" command.  I would probably set the
value of the MTU to ~1400.  This will take into account the additional
overhead including the IPsec header which in itself can be 50 to 60 bytes.
Hope this helps.  





Thanks, 

Mario Puras 
SoluNet Technical Support
Mailto: [EMAIL PROTECTED]
Direct: (321) 309-1410  
888.449.5766 (USA) / 888.SOLUNET (Canada) 



-----Original Message-----
From: Fabio Macchi [mailto:[EMAIL PROTECTED]
Sent: Monday, July 07, 2003 7:53 AM
To: [EMAIL PROTECTED]
Subject: MTU size on Hub and spoke IPSEC VPN [7:71978]


Hi all,

I have a problem on a hub and spoke IPSEC VPN.

There are two 827H connected to a 1721 acting as a hub, configured to make
two VPN IPSEC tunnels. All seems to run correctly (IPSEC SAs are up, I can
ping from 827 to 1721 and from 827 to 827), except I have a problem only with
some applications (for example FTP with files that are not small) and only
from 827 to 827 (827 to 1721 works fine).

It seems to be an MTU problem.
I have set ip tcp adjust-mss 1440 on all ethernet interfaces (1440 + 52
IPSEC header + 8 PPPOE = 1500) and this seems to be correct, but in the two
hop connection (827 to 1721 to 827) the packets don't travel across the
fastethernet on 1721, they simply enter and exit from the same ATM0 interface,
so this setting is not applied.

Do I have to apply the MTU directly on the ATM interface? Which value would
be correct?

Any other ideas?
Any help appreciated.
Thanks.

Fabio




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=71986&t=71978