No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade
Knowledge Base

VPN configuration that permits IPBX communication

Publication Date:  2019-07-19  |   Views:  362  |   Downloads:  0  |   Author:  m84068533  |   Document ID:  EKB1000489523

Contents

Issue Description

Customer needed a VPN configuration between 2 AR157W routers, in order to permit 2 IPBX devices connected to the routers to communicate between them.

Handling Process

As the first step, we reproduced customer's configuration in our laboratory and provided a valid configuration for a GRE tunnel between the routers, as the client was using OSPF as the routing protocol. After this configuration was implemented, the communication between customer's routers and the IPBX-es connected to them didn't work.

As the second step, we identified that the problem was that during communication, there were some fragments dropped. By doing packet capture, we found out that the communication uses TCP as the transport layer protocol to get the configuration from the peer router, but some packets lengths were larger than 1500 bytes and a there were also a few re-transmissions taking place. 

If the size of an IP packet sent by the peer device exceeds the MTU (default MTU value is 1500 bytes), the IP packet is fragmented. To ensure that the packet transmission is not affected, the MSS value plus the header lengths (such as the TCP header and IP header) must not exceed the MTU value. In order to ensure that packets are not fragmented the recommended MSS value would be 1200 bytes.

Therefore, we suggested the implementation of the command: "TCP adjust-mss 1200 on tunnel0/0/0"  on both routers.

Root Cause

Fragments are dropped during communication.

Solution

Use the command, on both routers : "TCP adjust-mss 1200 on tunnel0/0/0", to ensure that the MSS value plus the header lengths does not exceed the MTU value.