Ipsec through a cisco 800 in router mode

freax

Hi.

I have an ipsec tunnel between 2 pfsense's. One of them has a cisco 800 in front in router mode. The other has a zyxel in front in router mode.

The pfsense with the zyxel works great. The pfsense with the cisco has serious problems with mtu values.

The IPSEC is established and i can use services that does little TCP overhead like ssh, text, etc.
Larger packets (Remote desktop, file transfers, images, …) doesn't work.

Is there some option in pfsense to force a mtu value in ipsec tunnels only ? Or some option to force cisco 800 to auto negociate ?

Thanks in advance.

paulwollner

On the cisco, try the following: (Assuming Ethernet0 is the local interface)

int Ethernet0
ip tcp adjust-mss 1452

capitangiaco

Sometime I must use ip tcp adjust-mss 1350, and 1300

Giacomo

psylo

@capitangiaco:

Sometime I must use ip tcp adjust-mss 1350, and 1300

Giacomo

Better idea to configure mss to 1300…