
Problem:

How to set the MTU on Windows Servers.  Windows Server 2012 VPN fragments packets after it applies encryption!  This issue adds latency and causes the VPN to disconnect clients. No good!

Background:

The default packet size (MTU) is 1500 bytes.  IPsec encryption adds a number of bytes to the original packet, which can push it past that limit.  This leads to post-fragmentation: packets are fragmented after encryption.  This condition degrades or disrupts VPN performance.

Solution:

Adjust the maximum segment size (MSS) on the outside interface, by lowering the interface MTU, so packet size is less than the default 1500 MTU.

Packet fragmentation occurs when a packet is larger than the MTU.  With a smaller MSS, TCP splits the original data into smaller segments before sending, which avoids fragmenting the encrypted packet.  According to Cisco, ESP overhead adds a maximum of 73 bytes to each packet.  Therefore, we can adjust the MSS to a conservative 1400.

PowerShell:


Step 1:  Identify external interface.


PS C:\Users\administrator.SHORELAND_NT> netsh int ipv4 sh int

Idx     Met         MTU          State                Name
---  ----------  ----------  ------------  ---------------------------
  1          50  4294967295  connected     Loopback Pseudo-Interface 1
 29          30     Default  connected     RAS (Dial In) Interface
 12           5        1500  connected     Inside
 14           5        1500  connected     Outside

Step 2:  Modify external interface MSS by lowering its MTU.

PS C:\Users\administrator.SHORELAND_NT> netsh int ipv4 set subint "Outside" mtu=1400 store=persistent


Step 3:  Confirm MSS.

PS C:\Users\administrator.SHORELAND_NT> netsh int ipv4 sh int

Idx     Met         MTU          State                Name
---  ----------  ----------  ------------  ---------------------------
  1          50  4294967295  connected     Loopback Pseudo-Interface 1
 29          30     Default  connected     RAS (Dial In) Interface
 12           5        1500  connected     Inside
 14           5        1400  connected     Outside

That's It!
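
To check that 1400 plus the ESP overhead really fits the path before committing to it, the following added example (not part of the original post) probes the path with the Don't Fragment bit set and compares the result with the figures above. The target address `192.0.2.10` is a placeholder, and the helper name `Test-DfPayload` is hypothetical; the 1400 and 73-byte values are the ones quoted in this post.

```powershell
# Added example, not from the original post. Run it BEFORE Step 2: a lowered
# local MTU on the outgoing interface would cap the probe at that value.
param(
    [string]$Target    = '192.0.2.10',  # placeholder address; use a host reached via Outside
    [string]$Alias     = 'Outside',     # interface name from the post
    [int]$CandidateMtu = 1400,          # value chosen in the post
    [int]$EspOverhead  = 73,            # maximum ESP overhead quoted in the post
    [int]$Low          = 1200,          # ICMP payload assumed small enough to pass
    [int]$High         = 1472           # 1500 - 20 (IPv4 header) - 8 (ICMP header)
)

$pinger  = New-Object System.Net.NetworkInformation.Ping
$options = New-Object System.Net.NetworkInformation.PingOptions(128, $true)  # TTL 128, DF set

function Test-DfPayload([int]$Size) {
    # Echo request with $Size payload bytes; two attempts to ride out a single lost packet.
    $buffer = New-Object byte[] $Size
    foreach ($attempt in 1..2) {
        try {
            if ($pinger.Send($Target, 1000, $buffer, $options).Status -eq 'Success') { return $true }
        } catch { }
    }
    return $false
}

if (-not (Test-DfPayload $Low)) {
    throw "No reply at $Low bytes with DF set; check reachability and ICMP filtering."
}

# Binary search: $Low always holds a size that passed, $High the largest size not yet ruled out.
while ($Low -lt $High) {
    $mid = [int][math]::Ceiling(($Low + $High) / 2)
    if (Test-DfPayload $mid) { $Low = $mid } else { $High = $mid - 1 }
}

$pathMtu = $Low + 28   # add back the IPv4 and ICMP headers
$current = (Get-NetIPInterface -InterfaceAlias $Alias -AddressFamily IPv4).NlMtu

[pscustomobject]@{
    PathMtu             = $pathMtu
    CurrentInterfaceMtu = $current
    CandidatePlusEsp    = $CandidateMtu + $EspOverhead
    FitsWithoutFragment = ($CandidateMtu + $EspOverhead) -le $pathMtu
}
```

If ICMP is filtered along the path the probe fails at the first size, so a thrown error here says nothing about the MTU itself.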

About Steven Jordan

Steven Jordan is an infrastructure and process management specialist. Steven holds a Master of Science degree in ICT from the University of Wisconsin Stout. Steven is also a Cisco Certified Network Professional (CCNP) and Master Gardener.