[c-nsp] Windows IPSEC VPN Client MTU issues when connecting to IOS
Marc Haber
mh+cisco-nsp at zugschlus.de
Fri Sep 3 10:44:00 EDT 2010
Hi,
my windows clients have MTU issues when they're connecting to the
corporate VPN using the windows IPSEC VPN Client. By corporate
decision, the default route points into the VPN tunnel which reduces
the MTU for connections to the Internet.
When the client tries to surf to a site with dumb admins that are
filtering ICMP and thus breaking PMTUD, they - of course - experience
timeouts, a phenomenon I myself have not experienced in years.
The gateway the clients are connecting to is an 1841 with IOS.
Do I have a possibility to reduce the MTU used by the client and/or to
clamp the MSS to MTU on the IOS device (or by configuration passed
from the IOS device to the client when the connection is being built),
or do the Windows people have to reduce the client's MTU altogether?
Any hints will be appreciated.
Greetings
Marc
--
-----------------------------------------------------------------------------
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature | How to make an American Quilt | Fax: *49 3221 2323190
More information about the cisco-nsp
mailing list