Problem with MTU
Problem
One of our customers has two branches. There is a Site-2-Site VPN (based on Cisco ASA devices) between those two branches. There was a weird problem when traffic went through that Site-2-Site VPN tunnel. Some communications were fine, but most of them didn’t work. Problems that we noticed:
- OutlookAnywhere didn’t work
- Domain controllers from both sides couldn’t replicate
- HTTPS connections didn’t work
- ESX client didn’t connect to ESXi server via tunnel (Call “ServiceInstance.RetrieveContent” for object “ServiceInstance” on Server…)
Solution
Change the MTU on the computer to something lower than 1500. You can use the following commands:
netsh int ip show int
netsh interface ipv4 set subinterface "Local Area Connection" mtu=1300 store=persistent
If everything works, you need to adjust the MTU on the Cisco ASA devices. There is a great article about it HERE. We used Method 2.
This change made local administrators very very very happy 🙂
Hi Ondrik,
Nice observation! I hope, though, that you haven’t left the end hosts with the decreased MTU.
By the way, there’s also another way of testing for MTU issues without meddling with the sensitive interface settings such as MTUs – just use the ping with the DF bit set while varying the payload size. With all things good, pings of up to 1500 bytes including IP and ICMP headers should be sent and received well. If any MTU issue exists along the path, you’ll either get no responses, or Destination Unreachable/Packet Too Big replies from routers on the path, for all pings whose total size approaches, though isn’t equal to, 1500 bytes.
Best regards,
Peter
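The DF-bit ping test described in the comment above, automated as a binary search over the payload size. This is an added example, not part of the original post or comments; the function names `Test-DfPing` and `Find-PathMtu` and the target address are hypothetical, and it assumes IPv4 (28 bytes of IP plus ICMP header) and that ICMP echo is allowed across the tunnel.

```powershell
# Added example (not from the original post). Function names are hypothetical.
function Test-DfPing {
    # Returns $true if an echo with DF set and $PayloadSize data bytes is answered.
    param([string]$Target, [int]$PayloadSize, [int]$TimeoutMs = 2000, [int]$Attempts = 2)
    $ping    = New-Object System.Net.NetworkInformation.Ping
    $options = New-Object System.Net.NetworkInformation.PingOptions(64, $true)  # TTL 64, DontFragment on
    $buffer  = New-Object byte[] $PayloadSize
    try {
        for ($i = 0; $i -lt $Attempts; $i++) {
            try {
                $reply = $ping.Send($Target, $TimeoutMs, $buffer, $options)
                if ($reply.Status -eq [System.Net.NetworkInformation.IPStatus]::Success) { return $true }
            } catch [System.Net.NetworkInformation.PingException] {
                # Treat a send failure like a lost probe and retry.
            }
        }
        return $false
    } finally {
        $ping.Dispose()
    }
}

function Find-PathMtu {
    [CmdletBinding()]
    param([Parameter(Mandatory)][string]$Target, [int]$MaxMtu = 1500)
    $overhead = 28                    # 20-byte IPv4 header + 8-byte ICMP header
    $low      = 32                    # small payload that must pass for the test to mean anything
    $high     = $MaxMtu - $overhead   # 1472 data bytes fill a 1500-byte packet
    if (-not (Test-DfPing -Target $Target -PayloadSize $low)) {
        Write-Warning "$Target does not answer small pings; ICMP may be filtered."
        return
    }
    # Binary search for the largest payload that still gets a reply with DF set.
    while ($low -lt $high) {
        $mid = [int][math]::Ceiling(($low + $high) / 2)
        $ok  = Test-DfPing -Target $Target -PayloadSize $mid
        Write-Verbose "payload=$mid total=$($mid + $overhead) ok=$ok"
        if ($ok) { $low = $mid } else { $high = $mid - 1 }
    }
    [pscustomobject]@{
        Target     = $Target
        MaxPayload = $low
        PathMtu    = $low + $overhead
        FullSizeOk = ($low + $overhead -eq $MaxMtu)
    }
}

# 192.0.2.10 is a placeholder; use a host on the far side of the tunnel.
Find-PathMtu -Target '192.0.2.10' -Verbose
```

A `PathMtu` below 1500 on a path where small pings succeed matches the symptom pattern in the post: short exchanges work while full-size packets are dropped.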
Hello Peter 🙂
Thank you for your comment. The MTU on the end-user machine was not changed. It was solved by changing settings on the ASAs.