PIX to PIX VPN tunnel MTU question

Posted on 2006-05-18
Last Modified: 2013-11-16

I have a VPN tunnel setup between a PIX 515E & PIX 501. I have problems on my windows XP clients that connect to the DC through the VPN. I'm pretty sure it's an MTU issue. The 515E is set at 1500 and the 501 is set at 1492 (adsl). Do these have to be the same for the VPN to function properly??? And is there not a way t assign an MTU setting to a VPN tunnel??

Question by:inf2300

    Author Comment

    ok i think i may have found my problem

    Cause i'm getting exactly that

    Event Type:      Error
    Event Source:      Userenv
    Event Category:      None
    Event ID:      1054
    Date:            5/18/2006
    Time:            11:10:29 AM
    User:            NT AUTHORITY\SYSTEM
    Computer:      XXX-XXXXXXXXX
    Windows cannot obtain the domain controller name for your computer network. (An unexpected network error occurred. ). Group Policy processing aborted.

    For more information, see Help and Support Center at

    So how do i allow bigger ping sizes through the tunnel
    LVL 32

    Expert Comment

    Hi inf2300,

     For the moment forget about the MTU set on the PIX boxes and concentrate on the problem machine. 2 Steps to be done;

    1. Go to C:\Windows\System32\Drivers\etc and add an entry to the 'hosts' file for your DC like below;

    x.x.x.x DCName

    2. Open a command prompt on the machine and try this;

      ping -l 1400 -f <DCIPADDRESS>

      It might say that the req cannot be processed because of the MTU size as 1400 and 'don't defragment' (-f) bit is set. Now start reducing the value from 1400 to lower and see when it succeeds. This will get you the optimal MTU size. 1300 would be a good value.

      After you do both of the above see if there is any improvement and post back

    LVL 32

    Accepted Solution


      Also once you find out the optimal MTU value, set that as the default value on the xp machine. Reboot the machine and try logging in. How to set the MTU on the xp machine can be found here; look for the key;


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    If you have an ASA5510 then this sort of thing would be better handled with a CSC Module, however on an ASA5505 thats not an option, and if you want to throw in a quick solution to stop your staff going to facebook during work time, then this is the…
    Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
    Hi everyone! This is Experts Exchange customer support.  This quick video will show you how to change your primary email address.  If you have any questions, then please Write a Comment below!
    Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

    761 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    7 Experts available now in Live!

    Get 1:1 Help Now