[c-nsp] Order-of-operations question about "adjust-mss" and crypto...
Derick Winkworth
dwinkworth at att.net
Fri Oct 31 11:51:45 EDT 2008
If you apply the "ip tcp adjust-mss" command on an interface that has a crypto statement on it...
Does it perform the MSS adjustment on outbound packets before they are encrypted?
Does it perform the MSS adjustment on inbound packets after they are decrypted?
I know that this is typically placed on a tunnel interface or, for instance, on an ethernet interface of a remote VPN site or something... but I have a case where we have many GET encryped sub-interfaces (each in their own VRF) which are the only logical IP interfaces on the box. The backside is MPLS so there is no place to put the statement there... so I was just going to apply it to the interfaces where the crypto maps are.. not sure if this will work.
I'll probably have to lab it up I'm guessing.
Derick
More information about the cisco-nsp
mailing list