Hello,
We have some print and file transfer issues over IPSEC VPN. Print jobs with a PDF file with an image in it, which are sent from site A to site B over a VPN to the printer, get stuck; sometimes it will print, but other times it will fail and the print job will try to retry forever. We tried everything, from different drivers to isolating them and even a new test server.
I found a blog where they discuss the MTU size and how you can calculate to see what the IPSEC overhead would be. networkcanuck.com/.../
On site A we use a Coax cable WAN 500Mbit down and 50Mbit up, the MTU size was set to default (1500)
On site B we use fiber for the WAN, 50Mbit up and 50Mbit down. It connects via PPPoE and the MTU is set to 1492 and MSS override is set to 1444
So I did the following test, as described in the blog https://networkcanuck.com/2013/06/10/troubleshooting-mtu-size-over-ipsec-vpn/
First pinging the site A Sophos XG 125 from the site A LAN
Ping 192.168.100.1 -f -l 1472 > A good ping result
Ping 192.168.100.1 -f -l 1472 > Packet needs to be fragmented but DF set. Like expected
Then pinging the site B Sophos XG 135 from the site A LAN (over IPSEC VPN)
Ping 192.168.200.1 -f -l 1472 > Packet needs to be fragmented but DF set.
Ping 192.168.200.1 -f -l 1418 > A good ping result
So 1418 should be the correct number, + 8 for the ICMP header and 20 for the IP header, which would make an MTU of 1446.
But the PPPoE on Site B takes 8 so would the correct MTU be 1438?
And should this be set at both Sophos XG firewalls? And what about the MSS value?
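
The DF ping test described in the post, automated as a binary search over payload sizes. This is an added example, not part of the original post and not Sophos tooling. The function names, the `TTL=` reply check and the simulated path are assumptions, and the MSS figure assumes IPv4 and TCP headers without options.

```python
import subprocess

# Header sizes in bytes: IPv4 without options, ICMP echo, TCP without options.
IP_HDR, ICMP_HDR, TCP_HDR = 20, 8, 20

def windows_df_ping(host, payload):
    """Send one echo with DF set, as in the post: ping <host> -f -l <payload>."""
    out = subprocess.run(
        ["ping", "-n", "1", "-f", "-l", str(payload), host],
        capture_output=True, text=True,
    ).stdout
    # Assumption: a real echo reply line contains "TTL="; the
    # "needs to be fragmented but DF set" error and timeouts do not.
    return "TTL=" in out

def largest_df_payload(probe, low=0, high=1472):
    """Binary-search the largest payload that probe() reports as delivered."""
    if not probe(low):
        raise RuntimeError("smallest probe failed; check reachability first")
    while low < high:
        mid = (low + high + 1) // 2
        if probe(mid):
            low = mid        # mid fits, look for something larger
        else:
            high = mid - 1   # mid is too big
    return low

def sizing(payload):
    """Turn the largest working ICMP payload into packet-level figures."""
    path_mtu = payload + ICMP_HDR + IP_HDR
    return {"payload": payload,
            "path_mtu": path_mtu,
            "tcp_mss": path_mtu - IP_HDR - TCP_HDR}

def simulated_path(limit):
    """Constructed stand-in for a real path: payloads up to `limit` get through."""
    return lambda payload: payload <= limit

if __name__ == "__main__":
    # Offline demo using the values reported in the post (LAN: 1472, VPN: 1418).
    for name, limit in (("site A LAN", 1472), ("over the VPN", 1418)):
        print(name, sizing(largest_df_payload(simulated_path(limit))))
    # Against a live host on Windows (address taken from the post):
    # probe = lambda size: windows_df_ping("192.168.200.1", size)
    # print(sizing(largest_df_payload(probe)))
```

Because the probe is sent end to end through the tunnel, the figure it finds already reflects every link the encapsulated packet crosses.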