Examice

Exam 300-410 All QuestionsBrowse all questions from this exam

Question 263

A network administrator must optimize the segment size of the TCP packet on the DMVPN IPsec protected tunnel interface, which carries application traffic from the head office to a designated branch. The TCP segment size must not overwhelm the MTU of the outbound link. Which configuration must be applied to the router to improve the application performance?

interface tunnel30 ip mtu 1400 ip tcp payload-size 1360 ! crypto ipsec fragmentation before-encryption

interface tunnel30 ip mtu 1400 ip tcp adjust-mss 1360 ! crypto ipsec fragmentation after-encryption

interface tunnel30 ip mtu 1400 ip tcp max-segment 1360 ! crypto ipsec fragmentation before-encryption

interface tunnel30 ip mtu 1400 ip tcp packet-size 1360 ! crypto ipsec fragmentation after-encryption

Correct Answer: B

To optimize the TCP segment size on a DMVPN IPsec protected tunnel interface without overwhelming the MTU of the outbound link, the correct configuration includes setting the 'ip tcp adjust-mss', which adjusts the TCP maximum segment size (MSS) in the SYN packets to prevent fragmentation. This ensures that the TCP segments plus the IPsec overhead do not exceed the MTU of the underlying network. The correct command is 'ip tcp adjust-mss 1360', and 'crypto ipsec fragmentation after-encryption' should be used to handle fragmentation appropriately. This configuration aligns with best practices for managing TCP segment sizes on VPN tunnels.

Discussion

HungarianDishOption: B

As well as I see, only "B" contains valid commands. https://www.networkworld.com/article/2224654/mtu-size-issues.html https://networkengineering.stackexchange.com/questions/11283/pre-fragmentation-for-ipsec-vpns-on-cisco-routers

SeMo0o0o0Option: B

B is corerct