<div>
Ernie is correct. MTU can only be set on the physical intf's and not sub's. A subinterface will always take the MTU from the physical one.
</div>


Ernie is correct. MTU can only be set on the physical intf's and not sub's. A subinterface will always take the MTU from the physical one.

<div>
<div class="content wysiwyg-content">
Hi -<br />
&nbsp;<br />
&nbsp;<br />
I'm setting up a Site-to-Site Cisco VPN between ASA 5510s. I'm being told by the remote site engineer to set the maximum MTU at 1362.<br />
&nbsp;<br />
Is it possible to set the MTU for one specific site-to-site VPN on my ASA 5510 Security Plus to MTU 1362? I see my interfeces are all set at 1500.<br />
<br />
I came across <u>sysopt connection tcpmss &quot;MTU size&quot;</u> but this appears to be for all traffic going through the ASA. <br />
&nbsp;<br />
If not, would you recommend I setup a subinterface on my inside network router and a subinterface on the ASA with an MTU of 1362 to get around this issue? Then use this subinterface for traffic from my inside network to transverse through prior to hitting the VPN.<br />
&nbsp;<br />
Thank you.
</div>
</div>


Hi -
 
 
I'm setting up a Site-to-Site Cisco VPN between ASA 5510s. I'm being told by the remote site engineer to set the maximum MTU at 1362.
 
Is it possible to set the MTU for one specific site-to-site VPN on my ASA 5510 Security Plus to MTU 1362? I see my interfeces are all set at 1500.

I came across sysopt connection tcpmss "MTU size" but this appears to be for all traffic going through the ASA. 
 
If not, would you recommend I setup a subinterface on my inside network router and a subinterface on the ASA with an MTU of 1362 to get around this issue? Then use this subinterface for traffic from my inside network to transverse through prior to hitting the VPN.
 
Thank you.

Change MTU for just one Site-to-Site VPN between ASAs?

Internet Protocol Security (IPsec) is a protocol suite for secure Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. IPsec includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session. IPsec can be used in protecting data flows between a pair of hosts (host-to-host), between a pair of security gateways (network-to-network), or between a security gateway and a host (network-to-host). IPsec is an end-to-end security scheme operating in the Internet Layer of the Internet Protocol Suite.

Internet Protocol Security

Cisco PIX is a dedicated hardware firewall appliance; the Cisco Adaptive Security Appliance (ASA) is a firewall and anti-malware security appliance that provides unified threat management and protection the PIX does not. Other Cisco devices and systems include routers, switches, storage networking, wireless and the software and hardware for PIX Firewall Manager (PFM), PIX Device Manager (PDM) and Adaptive Security Device Manager (ASDM).