+- How2pass.com Forums (https://www.how2pass.com/forum)
+-- Forum: CCNP (https://www.how2pass.com/forum/forum-6.html)
+--- Forum: CCNP ENARSI 300-410 Forum (https://www.how2pass.com/forum/forum-15.html)
+--- Thread: Ar340 (/thread-2102.html)
Ar340 - Kuroneko - 08-04-2022
Most similar questions are
adjust-mss 1360
Crypto ipsec fragmentation After encryption.
Shouldn't this as well?
RE: Ar340 - forumsupport - 08-04-2022
When a packet is nearly the size of the MTU of the outbound link of the encrypting router and it is encapsulated with IPsec headers, it is likely to exceed the MTU of the outbound link. This causes packet fragmentation after encryption. The decrypting router must then reassemble these packets in the process path, winch decreases the decrypting router's performance.
The Pre-fragmentation for IPsec VPNs feature increases the decrypting router's performance by enabling it to operate in the high-performance CEF path instead of the process path.
Please check explanation.
RE: Ar340 - Kuroneko - 08-04-2022
Thanks for the explanation, admin.
RE: Ar340 - darkfile - 02-15-2023
Hello,
I think "ip tcp payload-size" is wrong. My router does not know the command.
However, it knows the command "ip tcp adjust-mss" which seems right.
Current configuration : 77 bytes
!
interface Tunnel1
no ip address
ip mtu 1400
ip tcp adjust-mss 1360
end
R2(config)#int tun1
R2(config-if)#ip tcp ?
adjust-mss Adjust the mss of transit packets
compression-connections Maximum number of compressed connections
header-compression Enable TCP header compression
RE: Ar340 - help_desk - 01-17-2024
The Question has been corrected. Thank you!