No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


The L2TP Over IPSec Service is Delayed Due to the Insufficient MTU Value

Publication Date:  2019-07-04 Views:  134 Downloads:  0

Issue Description

After the ADSL user adopts the VPN client to access the intranet based on L2TP over IPSec, the delay for accessing Web pages on the intranet server is long. It always takes a long time to refresh the Web page.

Alarm Information


Handling Process

According to packet obtained on the firewall, the size of the data packets sent by the Web server is 1500 KB. With the L2TP and IPSec packet header, the size of the data packets exceeds 1500 KB. Normally, the value of the Maximum Transmission Unit (MTU) is 1500 KB. Therefore, the transmission device on the network needs to process the data packets one by one, causing network delay or retransmission. As a result, the delay for opening the Web page is long.
Change the MTU value of the internal interface on the firewall to 1300 KB. With the L2TP and IPSec packet header, the size of the data packets is smaller than 1500 KB. The network restores to normal, and Web pages are refreshed normally when ADSL users access the internal server.

Root Cause

Run the ping command to check the connectivity of the Web server. No packet is lost, and the delay is in the normal scope. This indicates that the network is normal. Therefore, the long delay may be caused by packet retransmission.