IPsec through a Cisco 800 in router mode



  • Hi.

    I have an IPsec tunnel between 2 pfSenses. One of them has a Cisco 800 in front in router mode. The other has a ZyXEL in front in router mode.

    The pfSense with the ZyXEL works great. The pfSense with the Cisco has serious problems with MTU values.

    The IPsec tunnel is established and I can use services that have little TCP overhead like ssh, text, etc.
    Larger packets (Remote Desktop, file transfers, images, …) don't work.

    Is there some option in pfSense to force an MTU value in IPsec tunnels only? Or some option to force the Cisco 800 to auto-negotiate?

    Thanks in advance.



  • On the Cisco, try the following (assuming Ethernet0 is the local interface):

    int Ethernet0
    ip tcp adjust-mss 1452
    


  • Sometimes I must use ip tcp adjust-mss 1350, and 1300

    Giacomo



  • @capitangiaco:

    Sometimes I must use ip tcp adjust-mss 1350, and 1300

    Giacomo

    Better idea to configure mss to 1300…
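
The MSS values suggested in this thread (1452, 1350, 1300) can be checked against the per-packet overhead of an ESP tunnel. The following is an added example, not written by any poster here: it computes the largest MSS that still fits a given link MTU. The link MTUs (1500, 1492) and the two cipher profiles are assumptions, as is that the clamp is applied on a device that sees the inner TCP SYN before encryption.

```python
# Added example: TCP MSS for traffic carried in an IPv4 ESP tunnel.
# Cipher profiles are assumptions; the thread does not state the proposal used.
from dataclasses import dataclass

OUTER_IPV4 = 20    # outer IPv4 header added by tunnel mode
ESP_HEADER = 8     # SPI (4) + sequence number (4)
ESP_TRAILER = 2    # pad length (1) + next header (1), counted in the padded area
NAT_T_UDP = 8      # UDP encapsulation header when NAT traversal is active
INNER_IP_TCP = 40  # inner IPv4 (20) + TCP (20) headers, no options

@dataclass(frozen=True)
class EspProfile:
    iv: int     # per-packet IV bytes
    block: int  # padding alignment in bytes
    icv: int    # integrity check value bytes

AES_CBC_SHA1 = EspProfile(iv=16, block=16, icv=12)  # AES-CBC + HMAC-SHA1-96
AES_GCM_16 = EspProfile(iv=8, block=4, icv=16)      # AES-GCM, 16-byte ICV

def fixed_overhead(p, nat_t=False):
    """Bytes added to every packet regardless of payload length."""
    return OUTER_IPV4 + ESP_HEADER + p.iv + p.icv + (NAT_T_UDP if nat_t else 0)

def esp_packet_size(inner_len, p, nat_t=False):
    """On-the-wire size of an inner IP packet after ESP tunnel encapsulation."""
    padded = -(-(inner_len + ESP_TRAILER) // p.block) * p.block  # round up
    return fixed_overhead(p, nat_t) + padded

def max_inner_packet(link_mtu, p, nat_t=False):
    """Largest inner IP packet whose encapsulated form fits in link_mtu."""
    room = (link_mtu - fixed_overhead(p, nat_t)) // p.block * p.block
    return room - ESP_TRAILER

def mss_clamp(link_mtu, p, nat_t=False):
    """Highest TCP MSS that keeps tunnelled segments unfragmented."""
    return max_inner_packet(link_mtu, p, nat_t) - INNER_IP_TCP

def fits(mss, link_mtu, p, nat_t=False):
    """True if a full-size segment at this MSS crosses the link unfragmented."""
    return esp_packet_size(mss + INNER_IP_TCP, p, nat_t) <= link_mtu

if __name__ == "__main__":
    for mtu in (1500, 1492):  # Ethernet and a PPPoE-sized link (assumed values)
        for label, prof in (("cbc-sha1", AES_CBC_SHA1), ("gcm", AES_GCM_16)):
            for nat in (False, True):
                print(mtu, label, "nat-t" if nat else "plain",
                      mss_clamp(mtu, prof, nat),
                      [m for m in (1452, 1350, 1300) if fits(m, mtu, prof, nat)])
```

Under these assumed profiles, 1350 and 1300 fit on both link sizes, while 1452 leaves no room for the ESP headers.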

