Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Ar340
#1
Most similar questions are 

adjust-mss 1360

Crypto ipsec fragmentation After encryption.

Shouldn't this as well?
Reply
#2
When a packet is nearly the size of the MTU of the outbound link of the encrypting router and it is encapsulated with IPsec headers, it is likely to exceed the MTU of the outbound link. This causes packet fragmentation after encryption. The decrypting router must then reassemble these packets in the process path, winch decreases the decrypting router's performance.

The Pre-fragmentation for IPsec VPNs feature increases the decrypting router's performance by enabling it to operate in the high-performance CEF path instead of the process path.

Please check explanation.
Reply
#3
Thanks for the explanation, admin.
Reply
#4
Hello,

I think "ip tcp payload-size" is wrong. My router does not know the command.
However, it knows the command "ip tcp adjust-mss" which seems right.

Current configuration : 77 bytes
!
interface Tunnel1
no ip address
ip mtu 1400
ip tcp adjust-mss 1360
end

R2(config)#int tun1
R2(config-if)#ip tcp ?
  adjust-mss              Adjust the mss of transit packets
  compression-connections  Maximum number of compressed connections
  header-compression      Enable TCP header compression
Reply
#5
The Question has been corrected. Thank you!
Reply


Forum Jump:


Users browsing this thread: 6 Guest(s)