We have 2 sites (Site A and Site B) connected with an GRE over IPSEC tunnel. When we first setup the tunnel, site B could not access internet from site A. We adjusted the MTU size from 1500 to 1524 (IP MTU 1524) on the tunnel interface (tunnel1) and now internet works correctly for users in site B however we are experiecing performance issues which I believe are caused by fragmentation.
I have been doing some research on the issue and how to avoid it and I have seen some recommendations pf applying an MSS of 1300 (ip tcp adjust-mss 1300).
My questions are:
If we setup the mss, should I remove the IP MTU 1524 statements from the tunnel interface on both routers? What interface/s would I apply it to? LAN, WAN (tunnel or physical interface?), both? I am guessing I would do the same for both ends?
Any other recommendations anyone might have in regards og GRE over IPSEC?
Thanks in advance