12-29-2008 04:22 AM - edited 02-21-2020 04:06 PM
Hi all!
I have a 851 router with Easy VPN server and VPN client v4.8.
I can connect to remote site and ping gateway with packet size less or equal 10232 bytes:
C:\Documents and Settings\Administrator>ping -t 192.168.250.1 -l 10232
Pinging 192.168.250.1 with 10232 bytes of data:
Reply from 192.168.250.1: bytes=10232 time=32ms TTL=127
Reply from 192.168.250.1: bytes=10232 time=32ms TTL=127
Reply from 192.168.250.1: bytes=10232 time=32ms TTL=127
Reply from 192.168.250.1: bytes=10232 time=32ms TTL=127
Ping statistics for 192.168.250.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 32ms, Maximum = 32ms, Average = 32ms
But when I ping with packet size 10233 bytes 100% loss.
C:\Documents and Settings\Administrator>ping -t 192.168.250.1 -l 10233
Pinging 192.168.250.1 with 10233 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 192.168.250.1:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss)
I try to change MTU and MSS on interface but there are no change.
Where can be a problem?
In another VPN tunnels (ASA 5510 and UC500) this value is 17997 bytes.
12-29-2008 09:13 PM
Your test is not really acurate. You needed to use -f (don't fragment) to confirm the correct mtu for the path.
ping -t 192.168.250.1 -l 1400, up and down, depending on the results of the pings.
Then adjust the mtu to the largest you can send.
12-30-2008 05:35 AM
Thanks for your answer!
But I can not understand why one size of packet can be fragmented and sent without any problem and another packet (greater by 1 byte) can not be fragmented. May be the problem in interface buffer size of remote site?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide