From: Todd Veillette (tveillette@myeastern.com)
Date: Thu May 15 2003 - 23:36:08 GMT-3
You have to subtract the 56 bytes, as this is the IPSEC
overhead. If DSL subtract another 8 bytes.
So 1436 on the inside, 1492 on the outside with dsl,
1444 and 1500 without.
-TV
----- Original Message -----
From: "Armand D" <ciscoworks2001@yahoo.com>
To: <ccielab@groupstudy.com>
Sent: Thursday, May 15, 2003 2:50 PM
Subject: Tunnel IPSec between PIX to PIX
> Hi ,
>
> I created a IPsec tunnel between pix-1 and pix-2,
> sometimesIi receive these messagges through debug
> crypto ipsec.
>
> --snip--
> IPSEC(ipsec_prepare_encap_request): ERROR: unable to
> fragment packet pktsize=1500, eff_mtu = 1444
> --snip--
>
> It seems the effective MTU is 56 bytes less than the
> set MTU. I get this debug on packets between 1444 and
> 1500, so I set the MTU at 1556, but it doesn't seem to
> help things.
>
> Do anyone have any suggestions ? It would be greatly
> appriciated.
>
> Best,
>
> Armand
>
>
> http://mobile.yahoo.com.au - Yahoo! Mobile
> - Check & compose your email via SMS on your Telstra or Vodafone mobile.
This archive was generated by hypermail 2.1.4 : Mon Jun 02 2003 - 15:13:44 GMT-3