Thursday, August 29, 2013

Packets: icmp unreachable need to frag (mtu 1416)

Question:

We have recently been dealing with a situation where we get the above packets and access to one of our applications just hangs.

To tell you a bit about our network: hub and spoke topology, with IPSEC GRE tunnels over MPLS, and the application stored at the hub site. Now on the link into the hub site we have a firewall that filters the data coming in from remote sites. On the outside interface of the firewall (which is connected to the hub router) I capture a lot of 'icmp unreachable need to frag (mtu 1416)' packets from the router interface when the app attempts to reply to the client request. Basically the application is not accessible from any remote sites.

I have checked the MTU size on the firewall interface and it is 1500; on the router it is not changed, so I'm presuming it'll be the default one, so I am not quite sure where to look or what the problem might be. Any help or direction is much appreciated.

And here's a sample of the packet capture:

101: 10:18:50 0x0800 70: 192.168.60.254 > 192.168.240.11: icmp: 192.168.67.10 unreachable - need to frag (mtu 1416) (ttl 255, id 23798)

Where 192.168.60.254 is the router interface, 192.168.240.11 is the application and 192.168.67.10 is the client.

Answer:

Try to set "ip tcp adjust-mss 1360" on the router interface looking to the LAN side. This needs to be done on both sides.
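
The capture line in the question reports a next-hop MTU of 1416. As an added example (not part of the original post), this Python code parses such "need to frag" lines and checks whether the MSS value suggested in the answer fits under the reported MTU, assuming 20-byte IPv4 and TCP headers with no options. The function names and the second and third capture lines are constructed for illustration.

```python
import re
from collections import defaultdict

# First line is the sample from the question; lines 102 and 103 are constructed.
CAPTURE = """\
101: 10:18:50 0x0800 70: 192.168.60.254 > 192.168.240.11: icmp: 192.168.67.10 unreachable - need to frag (mtu 1416) (ttl 255, id 23798)
102: 10:18:51 0x0800 70: 192.168.60.254 > 192.168.240.11: icmp: 192.168.67.22 unreachable - need to frag (mtu 1416) (ttl 255, id 23799)
103: 10:18:52 0x0800 98: 192.168.240.11 > 192.168.67.10: icmp: echo request (ttl 64, id 4021)
"""

IP = r"\d+\.\d+\.\d+\.\d+"
FRAG_NEEDED = re.compile(
    rf"(?P<reporter>{IP}) > (?P<sender>{IP}): icmp: "
    rf"(?P<dest>{IP}) unreachable - need to frag \(mtu (?P<mtu>\d+)\)"
)

IPV4_HEADER = 20  # bytes, assuming no IP options
TCP_HEADER = 20   # bytes, assuming no TCP options


def summarize(capture):
    """Group fragmentation-needed reports by (reporting router, original sender).

    For each pair, keep the lowest MTU seen and the destinations that were
    unreachable at full packet size.
    """
    paths = defaultdict(lambda: {"mtu": None, "dests": set()})
    for line in capture.splitlines():
        m = FRAG_NEEDED.search(line)
        if not m:
            continue  # some other ICMP type or unrelated traffic
        entry = paths[(m["reporter"], m["sender"])]
        mtu = int(m["mtu"])
        entry["mtu"] = mtu if entry["mtu"] is None else min(entry["mtu"], mtu)
        entry["dests"].add(m["dest"])
    return dict(paths)


def max_mss(path_mtu):
    """Largest TCP segment payload that fits the path MTU unfragmented."""
    return path_mtu - IPV4_HEADER - TCP_HEADER


def clamp_fits(clamp, path_mtu):
    """True if an MSS clamp keeps full-size segments within the path MTU."""
    return clamp <= max_mss(path_mtu)


if __name__ == "__main__":
    for (reporter, sender), info in summarize(CAPTURE).items():
        print(reporter, sender, info["mtu"], max_mss(info["mtu"]), sorted(info["dests"]))
```

For the MTU in the question the ceiling is 1376 bytes, so the suggested 1360 leaves 16 bytes of headroom.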

Original comes from

http://switch.2329893.n4.nabble.com/
