Re: Problem pinging remote VPN site with large packet

iNikolas · ‎12-29-2008

Hi all!

I have a 851 router with Easy VPN server and VPN client v4.8.

I can connect to remote site and ping gateway with packet size less or equal 10232 bytes:

C:\Documents and Settings\Administrator>ping -t 192.168.250.1 -l 10232

Pinging 192.168.250.1 with 10232 bytes of data:

Reply from 192.168.250.1: bytes=10232 time=32ms TTL=127

Ping statistics for 192.168.250.1:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 32ms, Maximum = 32ms, Average = 32ms

But when I ping with packet size 10233 bytes 100% loss.

C:\Documents and Settings\Administrator>ping -t 192.168.250.1 -l 10233

Pinging 192.168.250.1 with 10233 bytes of data:

Request timed out.

Ping statistics for 192.168.250.1:

Packets: Sent = 4, Received = 0, Lost = 4 (100% loss)

I try to change MTU and MSS on interface but there are no change.

Where can be a problem?

In another VPN tunnels (ASA 5510 and UC500) this value is 17997 bytes.

edadios · ‎12-29-2008

Your test is not really acurate. You needed to use -f (don't fragment) to confirm the correct mtu for the path.

ping -t 192.168.250.1 -l 1400, up and down, depending on the results of the pings.

Then adjust the mtu to the largest you can send.

iNikolas · ‎12-30-2008

Thanks for your answer!

But I can not understand why one size of packet can be fragmented and sent without any problem and another packet (greater by 1 byte) can not be fragmented. May be the problem in interface buffer size of remote site?