The L2TP Over IPSec Service is Delayed due to the Insufficient MTU Value

Publication Date: 2012-07-21
Issue Description
After an ADSL user uses the VPN client to access the intranet through L2TP over IPSec, access to Web pages on the intranet server is slow. Refreshing a Web page always takes a long time.
Alarm Information
None.
Handling Process
A packet capture on the firewall shows that the data packets sent by the Web server are 1500 KB in size. With the L2TP and IPSec packet headers added, the size of the data packets exceeds 1500 KB. Normally, the value of the Maximum Transmission Unit (MTU) is 1500 KB. Therefore, the transmission devices on the network need to process the data packets one by one, causing network delay or retransmission. As a result, opening the Web page takes a long time.
Change the MTU value of the internal interface on the firewall to 1300 KB. With the L2TP and IPSec packet headers added, the size of the data packets is then smaller than 1500 KB. The network returns to normal, and Web pages are refreshed normally when ADSL users access the internal server.
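The size calculation behind this fix can be worked through as follows. This is an added example, not part of the original case. All header sizes are assumed typical values (ESP transport mode, AES-CBC, HMAC-SHA1-96, 8-byte L2TP data header, uncompressed PPP), and sizes are in bytes, the unit in which MTU is measured.

```python
# Added example: on-wire size of an L2TP over IPSec packet.
# Header sizes are assumptions (typical values), not taken from the page.
OUTER_IP = 20      # outer IPv4 header, no options
NAT_T_UDP = 8      # UDP encapsulation of ESP, only when NAT traversal is used
ESP_HEADER = 8     # SPI + sequence number
ESP_TRAILER = 2    # pad length + next header
UDP_L2TP = 8       # UDP header carrying L2TP (port 1701)
L2TP_HEADER = 8    # data header with length field, no Ns/Nr (assumed)
PPP_HEADER = 4     # address, control, protocol (assumed uncompressed)


def wire_size(inner_len, block=16, iv=16, icv=12, nat_t=False):
    """Outer IP packet size for an inner IP packet of inner_len bytes.

    Defaults model ESP transport mode with AES-CBC and HMAC-SHA1-96.
    """
    payload = UDP_L2TP + L2TP_HEADER + PPP_HEADER + inner_len
    # ESP pads payload + trailer up to a multiple of the cipher block size.
    encrypted = -(-(payload + ESP_TRAILER) // block) * block
    outer = OUTER_IP + (NAT_T_UDP if nat_t else 0)
    return outer + ESP_HEADER + iv + encrypted + icv


def max_inner_mtu(path_mtu, **kw):
    """Largest inner packet whose encapsulated form fits in path_mtu."""
    n = path_mtu
    while n > 0 and wire_size(n, **kw) > path_mtu:
        n -= 1
    return n


def report(path_mtu=1500):
    """Check the two interface MTU values from the page against path_mtu."""
    rows = []
    for inner in (1500, 1300):
        for nat_t in (False, True):
            size = wire_size(inner, nat_t=nat_t)
            rows.append((inner, nat_t, size, size <= path_mtu))
    return rows


if __name__ == "__main__":
    for inner, nat_t, size, fits in report():
        print(f"inner={inner} nat_t={nat_t} wire={size} fits={fits}")
    print("max inner MTU:", max_inner_mtu(1500),
          "with NAT-T:", max_inner_mtu(1500, nat_t=True))
```

Under these assumptions a full-size inner packet no longer fits in a 1500 path MTU once encapsulated, while the 1300 setting leaves headroom for other cipher suites and for NAT traversal.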
Root Cause
Run the ping command to check connectivity to the Web server. No packet is lost, and the delay is within the normal range. This indicates that the network is normal. Therefore, the long delay may be caused by packet retransmission.
Suggestions
None.
