Dave_Mitchell
asked on
CRYPTO_ENGINE: locally-sourced pkt w/DF bit set is too big,ip->tl=1420
Good morning all,
I have set up a Cisco EZVPN between a Head-end Router and a Remote router and everything is working just fine except that when I console in the Remote router is get the following error:
% CRYPTO_ENGINE: locally-sourced pkt w/DF bit set is too big,ip->tl=1420
I have another EZVPN Remote router setup to the same head-end EZVPN Server and this doesn’t get the error although apart from the difference in Cisco hardware between the two Remote routers they are identical in config.
The router I have working is a Cisco 1811 running over Vodafone 3G network
The router I have working but have the error on is a Cisco 881W running over the Vodafone 3G network
Router is in good coverage area for 3G and uses IPsec over a GRE Tunnel to communicate directly with the head-end EZVPN Router which is a Cisco 2800 series
Any help with this would be much appreciated
Many thanks
David
I have set up a Cisco EZVPN between a Head-end Router and a Remote router and everything is working just fine except that when I console in the Remote router is get the following error:
% CRYPTO_ENGINE: locally-sourced pkt w/DF bit set is too big,ip->tl=1420
I have another EZVPN Remote router setup to the same head-end EZVPN Server and this doesn’t get the error although apart from the difference in Cisco hardware between the two Remote routers they are identical in config.
The router I have working is a Cisco 1811 running over Vodafone 3G network
The router I have working but have the error on is a Cisco 881W running over the Vodafone 3G network
Router is in good coverage area for 3G and uses IPsec over a GRE Tunnel to communicate directly with the head-end EZVPN Router which is a Cisco 2800 series
Any help with this would be much appreciated
Many thanks
David
DIPRAJ
http://www.cisco.com/application/pdf/en/us/guest/netsol/ns171/c649/ccmigration_09186a008074f24a.pdf
What is the MTU set at on the working router?
ASKER
From original working router
Interface Tunnel 0
Bandwidth 512
ip unnumbered Loopbacl 0
ip mtu 1420
ip tcp adjust-mss 1350
keepalive 10 3
tunnel source loopback1
tunel destination 217.x.x.x
tunnel path-mtu-discovery
Thanks
David
Interface Tunnel 0
Bandwidth 512
ip unnumbered Loopbacl 0
ip mtu 1420
ip tcp adjust-mss 1350
keepalive 10 3
tunnel source loopback1
tunel destination 217.x.x.x
tunnel path-mtu-discovery
Thanks
David
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks Daniel, very useful document
ASKER
Had to read up on quite a bit before determining if the answer provided was feasible and it was.