IPsec Tunnels
Posted: Thu Aug 27, 2015 8:01 pm
by remotelylocated
Is there any way that these switches are blocking IPsec Traffic? About the same time I put in the WS-20-400A one of my clients also lost connectivity to his IPsec Tunnel. Coincidence? Or is there an issue here.
Jason
Remotely Located
Re: IPsec Tunnels
Posted: Fri Aug 28, 2015 7:22 am
by sirhc
The difference is due to the padding field in the ESP packet, it changes size depending on the original packet size, so yes, the exact additional number of bytes is not always the same. A couple of examples (ESP tunnel mode):
1500 byte packet becomes 1552 bytes:
20 bytes IPsec header (tunnel mode)
Try increasing MTU on the switch by at least 20 bytes IF NOT MORE