Ask the Expert

Reduce MTU for VPN connecting to ADSL

I have a customer with a Checkpoint 650 VPN concentrator and Checkpoint client VPN on a PC. The Client VPN PC is connected to Verizon's ADSL Line that runs PPPoE. We can establish the VPN tunnel, but then we cannot do anything but ping the devices across the tunnel. I read about MTU issues with PPPoE, so I assume the IPSec Header plus the PPPoE header are making the packets larger than the default 1500 and they are getting dropped somewhere in the Verizon ATM cloud. Is there a way I can make the VPN client negotiate a smaller MTU size with the host on the other end of the VPN tunnel (email servers, file servers etc.)? Or is there another solution?

    Requires Free Membership to View

I ran into this problem with Pacific Bell's DSL service. Try reducing the MTU to 1492 bytes or less. The instructions for doing this are on the RASPPPOE site. Here is the link: http://user.cs.tu-berlin.de/~normanb/ (search for MTU on the page).

DSL Reports also has more info on this topic: www.dslresports.com (search for PPPOE and MTU).

This was first published in January 2002

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: