Re: IPSec MTU

From: Sam Munzani (sam@xxxxxxxxxxx)
Date: Mon Mar 11 2002 - 12:04:29 GMT-3

• Next message: Bhisham Bajaj: "Re: distribute-list"
• Previous message: Mannan Venkatesan: "Re: distribute-list"
• Maybe in reply to: Kyaw Khine: "IPSec MTU"
• Next in thread: Kurt Kruegel: "Re: IPSec MTU"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
It will work fine but then packet will be fragmented and reassembled as it
crosses any ethernet segment. Ethernet max mtu is 1500. When you add tunnel
header on top of your max size frame, your packet will be bigger. Making it
1440 allows 60 bytes for header. That way no need for packet fragmentation.

Sam

> Hi Group,
>
> I was trying to working on IPSec + GRE as in
> http://www.cisco.com/warp/public/707/ipsec_gre.shtml
>
> Everything works fine but I don't really understand why do I have to
change
> MTU to be 1440 on the tunnel interface.
> Ping packets are going through IPSec/GRE tunnel even with the packet size
of
> 1500.
>
> Any thoughts .. comments ?
>
> Thanks ..

• Next message: Bhisham Bajaj: "Re: distribute-list"
• Previous message: Mannan Venkatesan: "Re: distribute-list"
• Maybe in reply to: Kyaw Khine: "IPSec MTU"
• Next in thread: Kurt Kruegel: "Re: IPSec MTU"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:57:00 GMT-3