MTU value causes service delay on L2TP over IPsec

Publication Date: 2012-11-06
Issue Description
A user reported that an ADSL user connects to the internal network with a VPN client based on L2TP over IPsec. When the user accesses an internal network server, page latency is high, and opening a new web page often takes a long time to refresh.
Alarm Information
None.
Handling Process
A packet capture on the firewall showed that every packet sent from the web server is 1500 bytes in size. After the L2TP and IPsec headers are added, the packet exceeds 1500 bytes, but the MTU of network equipment is generally 1500. The transmission equipment on the network therefore has to fragment the packet, which results in network delay or retransmission, so opening a web page takes a very long time.
After the MTU of the firewall's internal network port was changed to 1300, the packet stays below 1500 once the L2TP and IPsec headers are added. The network returned to normal: the ADSL user can access the internal network server and web pages refresh normally.
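The size calculation behind this fix, as an added example that is not part of the original case. It assumes ESP in transport mode with AES-CBC and HMAC-SHA1-96, an 8-byte L2TP data header and a 4-byte uncompressed PPP header (the case names none of these), and a 1492-byte PPPoE link with NAT traversal for the ADSL variant.

```python
# Added example: on-the-wire size of an inner IP packet carried over
# L2TP over IPsec (ESP transport mode). Header sizes are assumptions,
# not values taken from the case.
OUTER_IP = 20      # outer IPv4 header, no options
ESP_HDR = 8        # SPI + sequence number
UDP = 8            # UDP header (L2TP on port 1701, also NAT-T on 4500)
ESP_TRAILER = 2    # pad length + next header

def encapsulated_size(inner, l2tp=8, ppp=4, iv=16, block=16, icv=12,
                      nat_t=False):
    """Outer packet size in bytes for an inner IP packet of `inner` bytes.

    Defaults assume AES-CBC (16-byte IV and block) with HMAC-SHA1-96
    (12-byte ICV), an 8-byte L2TP header and a 4-byte PPP header.
    """
    # Everything ESP encrypts: UDP + L2TP + PPP + inner packet + trailer.
    plaintext = UDP + l2tp + ppp + inner + ESP_TRAILER
    pad = (-plaintext) % block          # pad up to the cipher block size
    size = OUTER_IP + ESP_HDR + iv + plaintext + pad + icv
    if nat_t:
        size += UDP                     # extra UDP header for NAT traversal
    return size

def max_inner_mtu(path_mtu, **kw):
    """Largest inner packet whose encapsulated form fits in path_mtu."""
    inner = path_mtu
    while inner > 0 and encapsulated_size(inner, **kw) > path_mtu:
        inner -= 1
    return inner

if __name__ == "__main__":
    for inner in (1500, 1300):
        size = encapsulated_size(inner)
        verdict = "fragmented" if size > 1500 else "fits"
        print(f"inner {inner} -> outer {size} bytes ({verdict} at MTU 1500)")
    print("max inner MTU, 1500-byte path:", max_inner_mtu(1500))
    print("max inner MTU, 1492-byte PPPoE path with NAT-T:",
          max_inner_mtu(1492, nat_t=True))
```

Under these assumptions the 1300 chosen in the case leaves roughly 100 bytes of headroom, which also covers stronger integrity algorithms with longer ICVs.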
Root Cause
On site, the ping command was used to check connectivity with the web server. There was no packet loss and the delay was within the normal range, so the network itself was normal. Packet retransmission was therefore suspected as the cause of the increased access time.
Suggestions
None.
