1. set max MTU 1380
2. try this on ASA -- > crypto ipsec df-bit clear-df outside
On Wed, Jul 27, 2011 at 12:01 AM, Fernando Carvalho <
fernando.cagica_at_t-online.de> wrote:
> Hi all,
>
> sorry for sending a OT, i am facing a strange problem with 2 ASA5510 and
> didn't find so far a bug indication to what really looks to be a bug:
> The outside interfaces of two ASAs (IOS 8.0(5)) are interconnected via
> Metro Ethernet: the communication between these FWs is being secured by
> an L2L IPsec Tunnel the MTUs are set to the default of 1500Byte. It was
> verified in first place that packets bigger than 1020 byte were not
> passing through. The SP rreported the link ok. Going directly to one of
> the Firewalls and sending a ping to the other one, the same situation
> happens... Pings bigger that 1020 byte are dropped at the reception (and
> the Interface drop counters increase). Any ideas?
>
> Thank you in advance
>
>
> /
> /
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Thu Jul 28 2011 - 18:22:03 ART
This archive was generated by hypermail 2.2.0 : Mon Aug 01 2011 - 06:30:06 ART