08-04-2022, 07:38 AM
08-04-2022, 12:51 PM
When a packet is nearly the size of the MTU of the outbound link of the encrypting router and it is encapsulated with IPsec headers, it is likely to exceed the MTU of the outbound link. This causes packet fragmentation after encryption. The decrypting router must then reassemble these packets in the process path, winch decreases the decrypting router's performance.
The Pre-fragmentation for IPsec VPNs feature increases the decrypting router's performance by enabling it to operate in the high-performance CEF path instead of the process path.
Please check explanation.
The Pre-fragmentation for IPsec VPNs feature increases the decrypting router's performance by enabling it to operate in the high-performance CEF path instead of the process path.
Please check explanation.
08-04-2022, 04:46 PM
Thanks for the explanation, admin.
02-15-2023, 11:14 PM
Hello,
I think "ip tcp payload-size" is wrong. My router does not know the command.
However, it knows the command "ip tcp adjust-mss" which seems right.
Current configuration : 77 bytes
!
interface Tunnel1
no ip address
ip mtu 1400
ip tcp adjust-mss 1360
end
R2(config)#int tun1
R2(config-if)#ip tcp ?
adjust-mss Adjust the mss of transit packets
compression-connections Maximum number of compressed connections
header-compression Enable TCP header compression
I think "ip tcp payload-size" is wrong. My router does not know the command.
However, it knows the command "ip tcp adjust-mss" which seems right.
Current configuration : 77 bytes
!
interface Tunnel1
no ip address
ip mtu 1400
ip tcp adjust-mss 1360
end
R2(config)#int tun1
R2(config-if)#ip tcp ?
adjust-mss Adjust the mss of transit packets
compression-connections Maximum number of compressed connections
header-compression Enable TCP header compression
01-17-2024, 08:47 AM
The Question has been corrected. Thank you!