A newly installed spoke router is configured for DMVPN with the ip mtu 1400 command. Which configuration allows the spoke to use fragmentation with the maximum negotiated TCP MTU over GRE?
A newly installed spoke router is configured for DMVPN with the ip mtu 1400 command. Which configuration allows the spoke to use fragmentation with the maximum negotiated TCP MTU over GRE?
To allow a spoke router configured for DMVPN to use fragmentation with the maximum negotiated TCP MTU over GRE, the command 'ip tcp adjust-mss 1360 crypto ipsec fragmentation after-encryption' is appropriate. The 'ip tcp adjust-mss 1360' command adjusts the maximum segment size (MSS) for TCP to 1360 bytes, which is required when the MTU is set to 1400 bytes to ensure that packets do not exceed the MTU after accounting for additional headers. The 'crypto ipsec fragmentation after-encryption' command ensures that fragmentation occurs after IPsec encryption, allowing the maximum TCP MTU to be used effectively.
"When IPsec is being used, it is customary to set the MTU size on the tunnel interfaces to 1,400 bytes and to set the TCP-MSS-adjust to 1,360 bytes. " https://www.networkworld.com/article/2224654/mtu-size-issues.html For me "# crypto ipsec fragmentation before-encryption" would make more sense, but that option is not give, so I vote for "B". " If the routers are performing fragmentation on behalf of the source node, it may be desirable to have the fragmentation performed prior to encryption, so the destination tunnel router doesn't have to reassemble the fragments and then perform the decryption." https://manualzz.com/doc/33447188/configuring-ipsec-vpn-fragmentation-and-mtu
B is corerct
Correct! R5(config-if)#crypto ipsec fragmentation ? after-encryption Perform fragmentation of large packets after IPSec encapsulation before-encryption Perform fragmentation of large packets before IPSec encapsulation.