SRX Services Gateway
Highlighted
SRX Services Gateway

SRX VPN Tunnel Change MTU size

‎09-11-2017 09:26 PM

Hi,

 

I have a branch router in a different country with IPSEC VPN tunnels set. Recently there are intermittent latency issues due to Network Congession experienced by the ISP in the remote country.

 

My st0 is set with default MTU size. Would I see any improvement if I change MTU size to 1500 for the st0 interface only for the remote router? Do I need to change TCP MTU size too? 

 

 

3 REPLIES 3
Highlighted
SRX Services Gateway

Re: SRX VPN Tunnel Change MTU size

‎09-14-2017 02:06 PM

what you can try is setting the tcp-mss on the vpn to somthing like 1350.

 

marcel@srx09.lab # set security flow tcp-mss ipsec-vpn mss 1350

 

 

You can also try sending over packets with a max size of 1500 over the vpn and lower the value until you reach the size that will "pass" the vpn. You can use the max packet size then to set that as the max for the ipsec-vpn mss

 

marcel@srx09.lab> ping <ip on otherside of the vpn> size 1500

marcel@srx09.lab> ping <ip on otherside of the vpn> size 1420

 

Marc



-----------------------------------------------------------------
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated Too
-----------------------------------------------------------------
Highlighted
SRX Services Gateway

Re: SRX VPN Tunnel Change MTU size

‎03-25-2018 08:14 AM

Hi,

 

Thanks. I ended up not changing my MTU as the overseas service provider resolved the issue for me. Sorry for late post.

Highlighted
SRX Services Gateway

Re: SRX VPN Tunnel Change MTU size

‎08-15-2018 02:40 AM

Hi,

 

What was the resolution for this? How did they fix your issue? 

 

Regards

Feedback