

| Case Number |
K16436075 |
| Title |
In a LAN-to-LAN VPN tunnel on a router, packets exceeding the 1500-byte maximum transmission unit (MTU) are dropped |
| Core issue |
Packets arrive with the Don't Fragment (DF) bit set, and once they are encrypted they exceed the 1500-byte MTU. Because the DF bit is set, the router cannot fragment them and drops them. |
| Resolution |
- If you are running Cisco IOS® Software Release 12.2(2)T or later, you can enter the crypto ipsec df-bit clear command.
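- If you are not able to enter the above command, then add the following commands, which use policy routing to clear the DF bit on packets arriving on the inside interface:
  ! Match all IP traffic
  access-list 190 permit ip any any
  ! Clear the DF bit on matching packets
  route-map cleardf permit 10
   match ip address 190
   set ip df 0
  ! Apply the route map to the inside interface
  interface inside_interface_name
   ip policy route-map cleardf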
|
| Problem Type |
Connectivity |
| Product Family |
Routers |
| Frequency |
Intermittently |
| Cisco IOS Software Version |
12.0
12.1
12.2 |
| VPN Tunnel End Points |
Router |
| Features & Tasks |
Maximum Transmission Unit (MTU) |
| VPN Protocols |
IPSec |
| VPN Tunnel Initialization |
VPN session is established |
| Direct URL |
http://www.ciscotaccc.com/security/showcase?case=K16436075 |
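
The size arithmetic behind the core issue, as an added example (not part of the original case and not Cisco code): a simplified model of ESP tunnel-mode overhead showing when an encrypted packet exceeds the MTU and what the DF bit then decides. It assumes an IPv4 outer header without options, 3DES or AES-CBC with a 96-bit HMAC, and that the DF bit is carried onto the encrypted packet; all function names are hypothetical.

```python
# Added illustration: simplified ESP tunnel-mode size model (assumed transforms).
OUTER_IP = 20     # new IPv4 header, no options
ESP_HEADER = 8    # SPI + sequence number
ESP_TRAILER = 2   # pad-length + next-header bytes
ICV = 12          # HMAC-SHA1-96 / HMAC-MD5-96 integrity check value

# cipher name -> (IV bytes, block size in bytes)
CIPHERS = {"3des": (8, 8), "aes-cbc": (16, 16)}


def esp_tunnel_size(inner_len, cipher="3des"):
    """On-wire size of an inner IP packet after ESP tunnel-mode encapsulation."""
    iv, block = CIPHERS[cipher]
    plaintext = inner_len + ESP_TRAILER
    padded = -(-plaintext // block) * block  # round up to the cipher block size
    return OUTER_IP + ESP_HEADER + iv + padded + ICV


def max_inner_len(mtu=1500, cipher="3des"):
    """Largest inner packet that still fits in the MTU once encrypted."""
    iv, block = CIPHERS[cipher]
    room = mtu - OUTER_IP - ESP_HEADER - iv - ICV
    return (room // block) * block - ESP_TRAILER


def handle(inner_len, df_set, mtu=1500, cipher="3des"):
    """Return 'forward', 'fragment' or 'drop' for a packet entering the tunnel."""
    if esp_tunnel_size(inner_len, cipher) <= mtu:
        return "forward"
    # Oversized after encryption: the DF bit decides between drop and fragment.
    return "drop" if df_set else "fragment"


if __name__ == "__main__":
    # Constructed sample sizes: a full-size LAN packet and the 3DES boundary.
    for length in (1446, 1447, 1500):
        for df in (True, False):
            print(length, "DF=%d" % df, esp_tunnel_size(length),
                  handle(length, df))
```

In this model a full 1500-byte packet grows to 1552 bytes with 3DES, which is why it is dropped while DF is set and fragmented once the DF bit is cleared.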