MPVPN Tunnels

Hi Experts,

I have two tunnels on my branch routers, one to HQ and one to DRC.

I am wondering why the output of "show crypto ipsec sa" gives me different
value of MTU, as I didn't configure any MTU value manually.

Below are the outputs, appreciate if someone can help to explain this.

Thanks,
Yap

BrA#show crypto ipsec sa | in mtu
     path mtu 1514, ip mtu 1514, ip mtu idb Tunnel3
     path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet0/0
     path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet0/0
     path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet0/0
     path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet0/0
     path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet0/0
     path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet0/0
     path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet0/0
     path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet0/0

BrC#sh crypto ipsec sa | in mtu
     path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet0/0
     path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet0/0
     path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet0/0
     path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet0/0
     path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet0/0
     path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet0/0
     path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet0/0
     path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet0/0
     path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet0/0
     path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet0/0
     path mtu 1472, ip mtu 1472, ip mtu idb Tunnel3

BrA#sh run int tun 1
Building configuration...
Current configuration : 528 bytes
!
interface Tunnel1
 description ### DMVPN Cloud 1 ###
 bandwidth 5000
 ip address 10.23.11.3 255.255.255.128
 no ip redirects
 ip nhrp map 10.23.11.1 10.23.10.1
 ip nhrp map multicast 10.23.10.1
 ip nhrp network-id 1
 ip nhrp holdtime 600
 ip nhrp nhs 10.23.11.1
 ip nhrp registration timeout 120
 ip nhrp cache non-authoritative
 ip route-cache flow
 ip tcp adjust-mss 1400
 delay 100
 qos pre-classify
 tunnel source 10.23.10.3
 tunnel mode gre multipoint
 tunnel key 1
 tunnel protection ipsec profile DMVPN shared
end
BrA#sh run int tun 3
Building configuration...
Current configuration : 511 bytes
!
interface Tunnel3
 description ### DMVPN Cloud 3 ###
 bandwidth 5000
 ip address 10.23.12.3 255.255.255.128
 no ip redirects
 ip nhrp map multicast 10.23.13.12
 ip nhrp map 10.23.12.12 10.23.13.12
 ip nhrp network-id 3
 ip nhrp holdtime 600
 ip nhrp nhs 10.23.12.12
 ip nhrp registration timeout 120
 ip nhrp cache non-authoritative
 ip tcp adjust-mss 1400
 delay 300
 qos pre-classify
 tunnel source 10.23.13.3
 tunnel mode gre multipoint
 tunnel key 3
 tunnel protection ipsec profile DMVPN shared
end
BrA#sh run int g0/0
Building configuration...
Current configuration : 214 bytes
!
interface GigabitEthernet0/0
 mac-address 0000.3600.0005
 ip address 10.23.13.3 255.255.255.128 secondary
 ip address 10.23.10.3 255.255.255.128
 ip route-cache flow
 duplex full
 speed 100
 media-type rj45
end

BrC#sh run int tun 1
Building configuration...
Current configuration : 508 bytes
!
interface Tunnel1
 description ### DMVPN Cloud 1 ###
 bandwidth 30000
 ip address 10.23.11.2 255.255.255.128
 no ip redirects
 ip nhrp map 10.23.11.1 10.23.10.1
 ip nhrp map multicast 10.23.10.1
 ip nhrp network-id 1
 ip nhrp holdtime 600
 ip nhrp nhs 10.23.11.1
 ip nhrp registration timeout 120
 ip nhrp cache non-authoritative
 ip tcp adjust-mss 1400
 delay 100
 qos pre-classify
 tunnel source 10.23.10.2
 tunnel mode gre multipoint
 tunnel key 1
 tunnel protection ipsec profile DMVPN shared
end

BrC#sh run int tun 3
Building configuration...
Current configuration : 512 bytes
!
interface Tunnel3
 description ### DMVPN Cloud 3 ###
 bandwidth 30000
 ip address 10.23.12.2 255.255.255.128
 no ip redirects
 ip nhrp map multicast 10.23.13.12
 ip nhrp map 10.23.12.12 10.23.13.12
 ip nhrp network-id 3
 ip nhrp holdtime 600
 ip nhrp nhs 10.23.12.12
 ip nhrp registration timeout 120
 ip nhrp cache non-authoritative
 ip tcp adjust-mss 1400
 delay 300
 qos pre-classify
 tunnel source 10.23.13.2
 tunnel mode gre multipoint
 tunnel key 3
 tunnel protection ipsec profile DMVPN shared
end
BrC#sh run int g0/0
Building configuration...
Current configuration : 193 bytes
!
interface GigabitEthernet0/0
 mac-address 0000.3600.0003
 ip address 10.23.13.2 255.255.255.128 secondary
 ip address 10.23.10.2 255.255.255.128
 duplex full
 speed 100
 media-type rj45
end

Blogs and organic groups at http://www.ccie.net
Received on Fri Jun 05 2009 - 12:03:45 ART