
Juniper SRX IPSEC MTU

June 11, 2013

We had an outage on one of our WAN links last week. (Un)luckily, I had a spare ADSL link to the internet on the router whose link went down, with IPsec configured back to the head office. The only problem was that when we went to use IPsec over the spare link, we had dropped connections left, right and center.

I knew the problem was the MTU size, having seen the same issue before on other connections, but I wasn't sure whether I had to set the MTU size on the ADSL PPP connection or on the IPsec connection.

Going to site and failing all traffic over to the backup connection, I was quickly able to work out that the ADSL PPP MTU was OK and that IPsec was the only problem. Setting the MTU under the st0 interface did not seem to work. A bit of googling uncovered the issue: the IPsec MTU fix is set as a TCP MSS under security flow and applies to all IPsec VPNs.


set security flow tcp-mss ipsec-vpn mss 1350

A value between 1300 and 1350 should work, depending on which encryption you have configured.
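Why the usable value depends on the encryption: the sketch below is an added example, not part of the original post or of Junos. It computes the ESP tunnel-mode overhead per cipher suite and the largest TCP MSS that avoids fragmentation. The 1492-byte PPPoE link MTU, IPv4 inside and outside the tunnel, and the suite list are assumptions.

```python
# Added example: ESP tunnel-mode overhead and the TCP MSS that fits (IPv4).
# Assumed values, not from the post: 1492-byte PPPoE link MTU, no TCP options.
OUTER_IP, ESP_HDR, ESP_TRAILER, NAT_T_UDP = 20, 8, 2, 8
INNER_IP_TCP = 40  # inner IPv4 header (20) + TCP header (20)

# name: (IV bytes, pad-to alignment bytes, ICV bytes)
SUITES = {
    "3des-cbc/hmac-sha1-96": (8, 8, 12),
    "aes-cbc/hmac-sha1-96": (16, 16, 12),
    "aes-cbc/hmac-sha-256-128": (16, 16, 16),
    "aes-gcm-16": (8, 4, 16),
}

def esp_packet_len(inner_len, suite, nat_t=False):
    """On-the-wire size of an ESP tunnel-mode packet carrying inner_len bytes."""
    iv, align, icv = SUITES[suite]
    # Payload plus the 2-byte trailer is padded up to the cipher's alignment.
    padded = -(-(inner_len + ESP_TRAILER) // align) * align
    return OUTER_IP + (NAT_T_UDP if nat_t else 0) + ESP_HDR + iv + padded + icv

def max_mss(link_mtu, suite, nat_t=False):
    """Largest TCP MSS whose full-size segment needs no fragmentation."""
    iv, align, icv = SUITES[suite]
    room = link_mtu - OUTER_IP - (NAT_T_UDP if nat_t else 0) - ESP_HDR - iv - icv
    inner = room // align * align - ESP_TRAILER  # largest inner IP packet
    return inner - INNER_IP_TCP

def report(link_mtu=1492):
    """(suite, nat_t, max MSS) for every suite, with and without NAT-T."""
    rows = []
    for suite in SUITES:
        for nat_t in (False, True):
            rows.append((suite, nat_t, max_mss(link_mtu, suite, nat_t)))
    return rows

if __name__ == "__main__":
    for suite, nat_t, mss in report():
        print(f"{suite:26} nat-t={nat_t!s:5} max MSS {mss}")
```

Under these assumptions every suite lands between 1382 and 1398, so an MSS of 1350 leaves headroom for any further encapsulation on the path.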
