Packet fragmentation and VPNs

Posted on 2009-04-28
Last Modified: 2012-05-06
Is it normal to see the following when you do a show cry ipsec?
We have two sites connected via L2L tunnel. There are some voice quality issues and it looks like there is packet fragmentation. Could this affect the voice quality? Users are complaining about static and not being able to hear all of the words (they get cut off).

If you define an MTU size and MSS size, could it fix the fragmentation?
      #pkts encaps: 4777, #pkts encrypt: 4783, #pkts digest: 4783
      #pkts decaps: 2914, #pkts decrypt: 2914, #pkts verify: 2914
      #pkts compressed: 0, #pkts decompressed: 0
      #pkts not compressed: 4777, #pkts comp failed: 0, #pkts decomp failed: 0
      #pre-frag successes: 6, #pre-frag failures: 0, #fragments created: 12
      #PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 15
      #send errors: 0, #recv errors: 0


Question by:dissolved
    LVL 25

    Assisted Solution

    by:Ron M
    What voice codec are you using across the VPN, and what is your bandwidth? Max simultaneous calls?

    Author Comment

    Believe it's 711. Bandwidth is a T1. Max simultaneous calls wouldn't be more than 5.
    LVL 23

    Assisted Solution

    I would expect more errors if your MTU or MSS were wrong.
    However, it would make a difference.

    Since it's a T1, standard sizes should be fine, but it depends on the termination equipment's setup,
    so 1500 (MTU) and 1540 (MSS) should be fine.

    If you are sharing the link with data, what is your QoS policy in effect?

    Is it an Internet link, managed link or dedicated link?

    Can you get quality reports out of the phone system, like jitter and loss? The errors could be coming from elsewhere.

    LVL 43

    Accepted Solution

    The VoIP packets aren't the packets being fragmented, as they are too small to ever be fragmented. You may want to try using the 729 codec for the VPN sites.

    The real issue here is you have no guaranteed bandwidth or priority queuing for voice traffic through the Internet. This is the downside to using an Internet-based VPN versus MPLS VPN or "private line" where you can do QoS end to end.
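
As an added example (not part of the original thread), the sketch below parses the counters posted in the question and shows how small a share of the tunnel traffic was fragmented, then compares an encapsulated voice packet against the MTU. The 20 ms packetization interval and the 80-byte tunnel overhead are assumptions; the real overhead depends on the transform set in use.

```python
import re

# Counter lines copied from the question's output.
SAMPLE = """\
#pkts encaps: 4777, #pkts encrypt: 4783, #pkts digest: 4783
#pkts decaps: 2914, #pkts decrypt: 2914, #pkts verify: 2914
#pre-frag successes: 6, #pre-frag failures: 0, #fragments created: 12
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 15
#send errors: 0, #recv errors: 0
"""

COUNTER = re.compile(r"#([^:#]+):\s*(\d+)")


def parse_counters(text):
    """Return {counter name: int} for every '#name: value' pair."""
    return {name.strip(): int(value) for name, value in COUNTER.findall(text)}


def fragmentation_summary(c):
    """Rough share of tunnel traffic touched by fragmentation, per direction."""
    return {
        # Outbound packets split before encryption, as a share of all encaps.
        "out_prefrag_pct": round(100 * c["pre-frag successes"] / c["pkts encaps"], 2),
        # Inbound fragments awaiting reassembly, relative to decapsulated packets.
        "in_reassembly_pct": round(
            100 * c["decapsulated frgs needing reassembly"] / c["pkts decaps"], 2),
        "failures": c["pre-frag failures"] + c["send errors"] + c["recv errors"],
    }


def voice_packet_size(payload=160, tunnel_overhead=80):
    """IP packet size of one voice frame after tunnel encapsulation.

    payload=160 is 64 kbit/s audio at an assumed 20 ms interval;
    12 + 8 + 20 are the RTP, UDP and IPv4 headers;
    tunnel_overhead=80 is an assumed, deliberately generous figure.
    """
    return payload + 12 + 8 + 20 + tunnel_overhead


if __name__ == "__main__":
    counters = parse_counters(SAMPLE)
    print(fragmentation_summary(counters))
    print("voice packet bytes:", voice_packet_size(), "vs MTU 1500")
```
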
