Packets over 1372 bytes are not fragmented

I have an IPsec tunnel between 2 sites, but packets over 1372 bytes don't pass. Can someone help me solve the problem?

Thanks

For example, a 1400-byte ping gives this error:

C:\Users\Administrator>ping 192.168.0.249 -l 1400

Pinging 192.168.0.249 with 1400 bytes of data:
Reply from 10.1.128.36: Packet needs to be fragmented but DF set.
Reply from 10.1.128.36: Packet needs to be fragmented but DF set.
Reply from 10.1.128.36: Packet needs to be fragmented but DF set.
Reply from 10.1.128.36: Packet needs to be fragmented but DF set.

Ping statistics for 192.168.0.249:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

C:\Users\Administrator>



  • I have an IPsec tunnel between 2 sites, but packets over 1372 don't pass

    Since when have you been observing this issue? Was it working earlier and then stopped working? Please share the current firmware version running on the Sophos XG firewall.

    Is the site-to-site IPsec VPN between two Sophos XG firewalls?

    Please log in to the Sophos XG over SSH, go to option 4, run tcpdump along with the ping, and share the output:

    console>tcpdump 'host 192.168.0.249 and proto ICMP'

    console>dr 'host 192.168.0.249 and proto ICMP'

    Regards

    "Sophos Partner: Infrassist Technologies Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

  • I have 2 Sophos XG firewalls, version SFOS 18.5.4 MR-4-Build418.

    I have a VPN over a tunnel interface.

    When I ping 192.168.60.2 (PC) with a 3000-byte packet, it doesn't work; the originating PC gets the response: Reply from 10.1.128.36: Packet needs to be fragmented but DF set.

    ---

    console>
    console> tcpdump '192.168.60.2 and proto ICMP
    tcpdump: can't parse filter expression: syntax error
    console> tcpdump 'host 192.168.60.2 and proto ICMP
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on any, link-type LINUX_SLL (Linux cooked v1), capture size 262144 bytes
    13:07:26.874391 PortF1, IN: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 44964, length 1368
    13:07:26.874401 PortF1, IN: IP 10.1.90.34 > 192.168.60.2: ip-proto-1
    13:07:26.874405 PortF1, IN: IP 10.1.90.34 > 192.168.60.2: ip-proto-1
    13:07:26.874405 BridgeLAN, IN: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 44964, length 3008
    13:07:26.874648 xfrm19, OUT: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 44964, length 1376
    13:07:26.874674 xfrm19, OUT: IP 10.1.90.34 > 192.168.60.2: ip-proto-1
    13:07:26.874680 xfrm19, OUT: IP 10.1.90.34 > 192.168.60.2: ip-proto-1
    13:07:27.882455 PortF1, IN: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 44965, length 1368
    13:07:27.882462 PortF1, IN: IP 10.1.90.34 > 192.168.60.2: ip-proto-1
    13:07:27.882465 PortF1, IN: IP 10.1.90.34 > 192.168.60.2: ip-proto-1
    13:07:27.882465 BridgeLAN, IN: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 44965, length 3008
    13:07:27.882595 xfrm19, OUT: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 44965, length 1376
    13:07:27.882622 xfrm19, OUT: IP 10.1.90.34 > 192.168.60.2: ip-proto-1
    13:07:27.882627 xfrm19, OUT: IP 10.1.90.34 > 192.168.60.2: ip-proto-1
    13:07:28.898127 PortF1, IN: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 44966, length 1368
    13:07:28.898138 PortF1, IN: IP 10.1.90.34 > 192.168.60.2: ip-proto-1
    13:07:28.898141 PortF1, IN: IP 10.1.90.34 > 192.168.60.2: ip-proto-1
    13:07:28.898141 BridgeLAN, IN: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 44966, length 3008
    13:07:28.898257 xfrm19, OUT: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 44966, length 1376
    13:07:28.898283 xfrm19, OUT: IP 10.1.90.34 > 192.168.60.2: ip-proto-1
    13:07:28.898289 xfrm19, OUT: IP 10.1.90.34 > 192.168.60.2: ip-proto-1
    13:07:29.913756 PortF1, IN: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 44967, length 1368
    13:07:29.913769 PortF1, IN: IP 10.1.90.34 > 192.168.60.2: ip-proto-1
    13:07:29.913773 PortF1, IN: IP 10.1.90.34 > 192.168.60.2: ip-proto-1
    13:07:29.913773 BridgeLAN, IN: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 44967, length 3008
    13:07:29.913845 xfrm19, OUT: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 44967, length 1376
    13:07:29.913878 xfrm19, OUT: IP 10.1.90.34 > 192.168.60.2: ip-proto-1
    13:07:29.913883 xfrm19, OUT: IP 10.1.90.34 > 192.168.60.2: ip-proto-1
    13:07:30.929482 PortF1, IN: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 44968, length 1368
    13:07:30.929492 PortF1, IN: IP 10.1.90.34 > 192.168.60.2: ip-proto-1
    13:07:30.929495 PortF1, IN: IP 10.1.90.34 > 192.168.60.2: ip-proto-1
    13:07:30.929495 BridgeLAN, IN: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 44968, length 3008
    13:07:30.929626 xfrm19, OUT: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 44968, length 1376
    13:07:30.929651 xfrm19, OUT: IP 10.1.90.34 > 192.168.60.2: ip-proto-1
    13:07:30.929657 xfrm19, OUT: IP 10.1.90.34 > 192.168.60.2: ip-proto-1
    13:07:31.945760 PortF1, IN: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 44969, length 1368
    13:07:31.945770 PortF1, IN: IP 10.1.90.34 > 192.168.60.2: ip-proto-1
    13:07:31.945773 PortF1, IN: IP 10.1.90.34 > 192.168.60.2: ip-proto-1
    13:07:31.945773 BridgeLAN, IN: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 44969, length 3008
    13:07:31.945884 xfrm19, OUT: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 44969, length 1376
    13:07:31.945912 xfrm19, OUT: IP 10.1.90.34 > 192.168.60.2: ip-proto-1
    13:07:31.945917 xfrm19, OUT: IP 10.1.90.34 > 192.168.60.2: ip-proto-1
    13:07:32.961409 PortF1, IN: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 44970, length 1368
    13:07:32.961418 PortF1, IN: IP 10.1.90.34 > 192.168.60.2: ip-proto-1
    13:07:32.961421 PortF1, IN: IP 10.1.90.34 > 192.168.60.2: ip-proto-1
    13:07:32.961421 BridgeLAN, IN: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 44970, length 3008
    13:07:32.961529 xfrm19, OUT: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 44970, length 1376
    13:07:32.961555 xfrm19, OUT: IP 10.1.90.34 > 192.168.60.2: ip-proto-1
    13:07:32.961558 xfrm19, OUT: IP 10.1.90.34 > 192.168.60.2: ip-proto-1
    13:07:33.976982 PortF1, IN: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 44971, length 1368
    13:07:33.976992 PortF1, IN: IP 10.1.90.34 > 192.168.60.2: ip-proto-1
    13:07:33.979944 PortF1, IN: IP 10.1.90.34 > 192.168.60.2: ip-proto-1
    13:07:33.979944 BridgeLAN, IN: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 44971, length 3008
    13:07:33.980025 xfrm19, OUT: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 44971, length 1376
    13:07:33.980052 xfrm19, OUT: IP 10.1.90.34 > 192.168.60.2: ip-proto-1
    13:07:33.980057 xfrm19, OUT: IP 10.1.90.34 > 192.168.60.2: ip-proto-1
    13:07:34.992654 PortF1, IN: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 44972, length 1368
    13:07:34.992666 PortF1, IN: IP 10.1.90.34 > 192.168.60.2: ip-proto-1
    13:07:34.992669 PortF1, IN: IP 10.1.90.34 > 192.168.60.2: ip-proto-1
    13:07:34.992669 BridgeLAN, IN: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 44972, length 3008
    13:07:34.992785 xfrm19, OUT: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 44972, length 1376
    13:07:34.992820 xfrm19, OUT: IP 10.1.90.34 > 192.168.60.2: ip-proto-1
    13:07:34.992824 xfrm19, OUT: IP 10.1.90.34 > 192.168.60.2: ip-proto-1
    13:07:36.008290 PortF1, IN: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 44973, length 1368
    13:07:36.008299 PortF1, IN: IP 10.1.90.34 > 192.168.60.2: ip-proto-1
    13:07:36.008302 PortF1, IN: IP 10.1.90.34 > 192.168.60.2: ip-proto-1
    13:07:36.008302 BridgeLAN, IN: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 44973, length 3008
    13:07:36.008380 xfrm19, OUT: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 44973, length 1376
    13:07:36.008405 xfrm19, OUT: IP 10.1.90.34 > 192.168.60.2: ip-proto-1
    13:07:36.008409 xfrm19, OUT: IP 10.1.90.34 > 192.168.60.2: ip-proto-1
    13:07:37.023935 PortF1, IN: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 44979, length 1368
    13:07:37.023949 PortF1, IN: IP 10.1.90.34 > 192.168.60.2: ip-proto-1
    13:07:37.023952 PortF1, IN: IP 10.1.90.34 > 192.168.60.2: ip-proto-1
    13:07:37.023952 BridgeLAN, IN: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 44979, length 3008
    13:07:37.024023 xfrm19, OUT: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 44979, length 1376
    13:07:37.024056 xfrm19, OUT: IP 10.1.90.34 > 192.168.60.2: ip-proto-1
    13:07:37.024060 xfrm19, OUT: IP 10.1.90.34 > 192.168.60.2: ip-proto-1
    13:07:38.039977 PortF1, IN: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 44980, length 1368
    13:07:38.039986 PortF1, IN: IP 10.1.90.34 > 192.168.60.2: ip-proto-1
    13:07:38.039989 PortF1, IN: IP 10.1.90.34 > 192.168.60.2: ip-proto-1
    13:07:38.039989 BridgeLAN, IN: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 44980, length 3008
    13:07:38.040052 xfrm19, OUT: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 44980, length 1376
    13:07:38.040079 xfrm19, OUT: IP 10.1.90.34 > 192.168.60.2: ip-proto-1
    13:07:38.040083 xfrm19, OUT: IP 10.1.90.34 > 192.168.60.2: ip-proto-1
    13:07:39.055676 PortF1, IN: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 44981, length 1368
    13:07:39.055686 PortF1, IN: IP 10.1.90.34 > 192.168.60.2: ip-proto-1
    13:07:39.055688 PortF1, IN: IP 10.1.90.34 > 192.168.60.2: ip-proto-1
    13:07:39.055688 BridgeLAN, IN: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 44981, length 3008
    13:07:39.055812 xfrm19, OUT: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 44981, length 1376
    13:07:39.055841 xfrm19, OUT: IP 10.1.90.34 > 192.168.60.2: ip-proto-1
    13:07:39.055845 xfrm19, OUT: IP 10.1.90.34 > 192.168.60.2: ip-proto-1
    ^C
    91 packets captured
    131 packets received by filter
    4 packets dropped by kernel
    console>----

    When I ping 192.168.60.2 (PC) with a 1372-byte packet, everything works.

    ----


    console>
    console>
    console>
    console>
    console>
    console>
    console>
    console> tcpdump 'host 192.168.60.2 and proto ICMP
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on any, link-type LINUX_SLL (Linux cooked v1), capture size 262144 bytes
    13:10:38.838060 PortF1, IN: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 45057, length 1380
    13:10:38.838060 BridgeLAN, IN: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 45057, length 1380
    13:10:38.838244 xfrm19, OUT: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 45057, length 1380
    13:10:38.866805 xfrm19, IN: IP 192.168.60.2 > 10.1.90.34: ICMP echo reply, id 8, seq 45057, length 1380
    13:10:38.866880 BridgeLAN, OUT: IP 192.168.60.2 > 10.1.90.34: ICMP echo reply, id 8, seq 45057, length 1380
    13:10:38.866891 PortF1, OUT: IP 192.168.60.2 > 10.1.90.34: ICMP echo reply, id 8, seq 45057, length 1380
    13:10:38.866893 oct0, OUT: IP 192.168.60.2 > 10.1.90.34: ICMP echo reply, id 8, seq 45057, length 1380
    13:10:39.855758 PortF1, IN: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 45058, length 1380
    13:10:39.855758 BridgeLAN, IN: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 45058, length 1380
    13:10:39.855797 xfrm19, OUT: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 45058, length 1380
    13:10:39.884166 xfrm19, IN: IP 192.168.60.2 > 10.1.90.34: ICMP echo reply, id 8, seq 45058, length 1380
    13:10:39.884195 BridgeLAN, OUT: IP 192.168.60.2 > 10.1.90.34: ICMP echo reply, id 8, seq 45058, length 1380
    13:10:39.884199 PortF1, OUT: IP 192.168.60.2 > 10.1.90.34: ICMP echo reply, id 8, seq 45058, length 1380
    13:10:39.884200 oct0, OUT: IP 192.168.60.2 > 10.1.90.34: ICMP echo reply, id 8, seq 45058, length 1380
    13:10:40.871416 PortF1, IN: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 45059, length 1380
    13:10:40.871416 BridgeLAN, IN: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 45059, length 1380
    13:10:40.871471 xfrm19, OUT: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 45059, length 1380
    13:10:40.901479 xfrm19, IN: IP 192.168.60.2 > 10.1.90.34: ICMP echo reply, id 8, seq 45059, length 1380
    13:10:40.901528 BridgeLAN, OUT: IP 192.168.60.2 > 10.1.90.34: ICMP echo reply, id 8, seq 45059, length 1380
    13:10:40.901534 PortF1, OUT: IP 192.168.60.2 > 10.1.90.34: ICMP echo reply, id 8, seq 45059, length 1380
    13:10:40.901536 oct0, OUT: IP 192.168.60.2 > 10.1.90.34: ICMP echo reply, id 8, seq 45059, length 1380
    13:10:41.888587 PortF1, IN: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 45065, length 1380
    13:10:41.888587 BridgeLAN, IN: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 45065, length 1380
    13:10:41.888673 xfrm19, OUT: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 45065, length 1380
    13:10:41.913959 xfrm19, IN: IP 192.168.60.2 > 10.1.90.34: ICMP echo reply, id 8, seq 45065, length 1380
    13:10:41.913989 BridgeLAN, OUT: IP 192.168.60.2 > 10.1.90.34: ICMP echo reply, id 8, seq 45065, length 1380
    13:10:41.913993 PortF1, OUT: IP 192.168.60.2 > 10.1.90.34: ICMP echo reply, id 8, seq 45065, length 1380
    13:10:41.913994 oct0, OUT: IP 192.168.60.2 > 10.1.90.34: ICMP echo reply, id 8, seq 45065, length 1380
    13:10:42.902744 PortF1, IN: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 45066, length 1380
    13:10:42.902744 BridgeLAN, IN: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 45066, length 1380
    13:10:42.902789 xfrm19, OUT: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 45066, length 1380
    13:10:42.931685 xfrm19, IN: IP 192.168.60.2 > 10.1.90.34: ICMP echo reply, id 8, seq 45066, length 1380
    13:10:42.931723 BridgeLAN, OUT: IP 192.168.60.2 > 10.1.90.34: ICMP echo reply, id 8, seq 45066, length 1380
    13:10:42.931727 PortF1, OUT: IP 192.168.60.2 > 10.1.90.34: ICMP echo reply, id 8, seq 45066, length 1380
    13:10:42.931728 oct0, OUT: IP 192.168.60.2 > 10.1.90.34: ICMP echo reply, id 8, seq 45066, length 1380
    13:10:43.918913 PortF1, IN: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 45067, length 1380
    13:10:43.918913 BridgeLAN, IN: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 45067, length 1380
    13:10:43.918952 xfrm19, OUT: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 45067, length 1380
    13:10:43.951906 xfrm19, IN: IP 192.168.60.2 > 10.1.90.34: ICMP echo reply, id 8, seq 45067, length 1380
    13:10:43.951936 BridgeLAN, OUT: IP 192.168.60.2 > 10.1.90.34: ICMP echo reply, id 8, seq 45067, length 1380
    13:10:43.951939 PortF1, OUT: IP 192.168.60.2 > 10.1.90.34: ICMP echo reply, id 8, seq 45067, length 1380
    13:10:43.951940 oct0, OUT: IP 192.168.60.2 > 10.1.90.34: ICMP echo reply, id 8, seq 45067, length 1380
    13:10:44.934438 PortF1, IN: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 45068, length 1380
    13:10:44.934438 BridgeLAN, IN: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 45068, length 1380
    13:10:44.934508 xfrm19, OUT: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 45068, length 1380
    13:10:44.961556 xfrm19, IN: IP 192.168.60.2 > 10.1.90.34: ICMP echo reply, id 8, seq 45068, length 1380
    13:10:44.961588 BridgeLAN, OUT: IP 192.168.60.2 > 10.1.90.34: ICMP echo reply, id 8, seq 45068, length 1380
    13:10:44.961592 PortF1, OUT: IP 192.168.60.2 > 10.1.90.34: ICMP echo reply, id 8, seq 45068, length 1380
    13:10:44.961593 oct0, OUT: IP 192.168.60.2 > 10.1.90.34: ICMP echo reply, id 8, seq 45068, length 1380
    13:10:45.950277 PortF1, IN: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 45069, length 1380
    13:10:45.950277 BridgeLAN, IN: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 45069, length 1380
    13:10:45.950346 xfrm19, OUT: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 45069, length 1380
    13:10:45.989410 xfrm19, IN: IP 192.168.60.2 > 10.1.90.34: ICMP echo reply, id 8, seq 45069, length 1380
    13:10:45.989443 BridgeLAN, OUT: IP 192.168.60.2 > 10.1.90.34: ICMP echo reply, id 8, seq 45069, length 1380
    13:10:45.989450 PortF1, OUT: IP 192.168.60.2 > 10.1.90.34: ICMP echo reply, id 8, seq 45069, length 1380
    13:10:45.989451 oct0, OUT: IP 192.168.60.2 > 10.1.90.34: ICMP echo reply, id 8, seq 45069, length 1380
    13:10:46.965772 PortF1, IN: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 45070, length 1380
    13:10:46.965772 BridgeLAN, IN: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 45070, length 1380
    13:10:46.965837 xfrm19, OUT: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 45070, length 1380
    13:10:46.991788 xfrm19, IN: IP 192.168.60.2 > 10.1.90.34: ICMP echo reply, id 8, seq 45070, length 1380
    13:10:46.991827 BridgeLAN, OUT: IP 192.168.60.2 > 10.1.90.34: ICMP echo reply, id 8, seq 45070, length 1380
    13:10:46.991831 PortF1, OUT: IP 192.168.60.2 > 10.1.90.34: ICMP echo reply, id 8, seq 45070, length 1380
    13:10:46.991833 oct0, OUT: IP 192.168.60.2 > 10.1.90.34: ICMP echo reply, id 8, seq 45070, length 1380
    13:10:47.981384 PortF1, IN: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 45071, length 1380
    13:10:47.981384 BridgeLAN, IN: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 45071, length 1380
    13:10:47.981438 xfrm19, OUT: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 45071, length 1380
    13:10:48.011580 xfrm19, IN: IP 192.168.60.2 > 10.1.90.34: ICMP echo reply, id 8, seq 45071, length 1380
    13:10:48.011625 BridgeLAN, OUT: IP 192.168.60.2 > 10.1.90.34: ICMP echo reply, id 8, seq 45071, length 1380
    13:10:48.011630 PortF1, OUT: IP 192.168.60.2 > 10.1.90.34: ICMP echo reply, id 8, seq 45071, length 1380
    13:10:48.011631 oct0, OUT: IP 192.168.60.2 > 10.1.90.34: ICMP echo reply, id 8, seq 45071, length 1380
    13:10:48.996938 PortF1, IN: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 45072, length 1380
    13:10:48.996938 BridgeLAN, IN: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 45072, length 1380
    13:10:48.996983 xfrm19, OUT: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 45072, length 1380
    13:10:49.021571 xfrm19, IN: IP 192.168.60.2 > 10.1.90.34: ICMP echo reply, id 8, seq 45072, length 1380
    13:10:49.021616 BridgeLAN, OUT: IP 192.168.60.2 > 10.1.90.34: ICMP echo reply, id 8, seq 45072, length 1380
    13:10:49.021620 PortF1, OUT: IP 192.168.60.2 > 10.1.90.34: ICMP echo reply, id 8, seq 45072, length 1380
    13:10:49.021621 oct0, OUT: IP 192.168.60.2 > 10.1.90.34: ICMP echo reply, id 8, seq 45072, length 1380
    13:10:50.012728 PortF1, IN: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 45073, length 1380
    13:10:50.012728 BridgeLAN, IN: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 45073, length 1380
    13:10:50.012769 xfrm19, OUT: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 45073, length 1380
    13:10:50.039148 xfrm19, IN: IP 192.168.60.2 > 10.1.90.34: ICMP echo reply, id 8, seq 45073, length 1380
    13:10:50.039180 BridgeLAN, OUT: IP 192.168.60.2 > 10.1.90.34: ICMP echo reply, id 8, seq 45073, length 1380
    13:10:50.039184 PortF1, OUT: IP 192.168.60.2 > 10.1.90.34: ICMP echo reply, id 8, seq 45073, length 1380
    13:10:50.039185 oct0, OUT: IP 192.168.60.2 > 10.1.90.34: ICMP echo reply, id 8, seq 45073, length 1380
    13:10:51.028315 PortF1, IN: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 45074, length 1380
    13:10:51.028315 BridgeLAN, IN: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 45074, length 1380
    13:10:51.028355 xfrm19, OUT: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 45074, length 1380
    13:10:51.054301 xfrm19, IN: IP 192.168.60.2 > 10.1.90.34: ICMP echo reply, id 8, seq 45074, length 1380
    13:10:51.054333 BridgeLAN, OUT: IP 192.168.60.2 > 10.1.90.34: ICMP echo reply, id 8, seq 45074, length 1380
    13:10:51.054337 PortF1, OUT: IP 192.168.60.2 > 10.1.90.34: ICMP echo reply, id 8, seq 45074, length 1380
    13:10:51.054338 oct0, OUT: IP 192.168.60.2 > 10.1.90.34: ICMP echo reply, id 8, seq 45074, length 1380
    13:10:52.044914 PortF1, IN: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 45075, length 1380
    13:10:52.044914 BridgeLAN, IN: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 45075, length 1380
    13:10:52.044955 xfrm19, OUT: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 45075, length 1380
    13:10:52.071863 xfrm19, IN: IP 192.168.60.2 > 10.1.90.34: ICMP echo reply, id 8, seq 45075, length 1380
    13:10:52.071892 BridgeLAN, OUT: IP 192.168.60.2 > 10.1.90.34: ICMP echo reply, id 8, seq 45075, length 1380
    13:10:52.071896 PortF1, OUT: IP 192.168.60.2 > 10.1.90.34: ICMP echo reply, id 8, seq 45075, length 1380
    13:10:52.071897 oct0, OUT: IP 192.168.60.2 > 10.1.90.34: ICMP echo reply, id 8, seq 45075, length 1380
    13:10:53.060560 PortF1, IN: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 45076, length 1380
    13:10:53.060560 BridgeLAN, IN: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 45076, length 1380
    13:10:53.060603 xfrm19, OUT: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 45076, length 1380
    13:10:53.092035 xfrm19, IN: IP 192.168.60.2 > 10.1.90.34: ICMP echo reply, id 8, seq 45076, length 1380
    13:10:53.092068 BridgeLAN, OUT: IP 192.168.60.2 > 10.1.90.34: ICMP echo reply, id 8, seq 45076, length 1380
    13:10:53.092072 PortF1, OUT: IP 192.168.60.2 > 10.1.90.34: ICMP echo reply, id 8, seq 45076, length 1380
    13:10:53.092074 oct0, OUT: IP 192.168.60.2 > 10.1.90.34: ICMP echo reply, id 8, seq 45076, length 1380
    13:10:54.076049 PortF1, IN: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 45077, length 1380
    13:10:54.076049 BridgeLAN, IN: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 45077, length 1380
    13:10:54.076136 xfrm19, OUT: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 45077, length 1380
    13:10:54.119721 xfrm19, IN: IP 192.168.60.2 > 10.1.90.34: ICMP echo reply, id 8, seq 45077, length 1380
    13:10:54.119748 BridgeLAN, OUT: IP 192.168.60.2 > 10.1.90.34: ICMP echo reply, id 8, seq 45077, length 1380
    13:10:54.119752 PortF1, OUT: IP 192.168.60.2 > 10.1.90.34: ICMP echo reply, id 8, seq 45077, length 1380
    13:10:54.119753 oct0, OUT: IP 192.168.60.2 > 10.1.90.34: ICMP echo reply, id 8, seq 45077, length 1380

    -----

  • Since when have you been observing this issue? Was it working earlier and then stopped working?

    Also, please share whether you have checked with drop packet capture if any packets are getting dropped.

    Regards

    "Sophos Partner: Infrassist Technologies Pvt Ltd".


  • Hey,

    Thank you for reaching out to the community. Can you try changing the MSS value of the Port interface where your WAN gateway is linked with that IPsec tunnel?
    Change the MSS value to 1360 or 1280.

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 



  • Adding to this post, the syntax to change the MSS or MTU value is as below:

    console> set network mtu-mss PortF1 mtu default mss default

    In this case:

    console> set network mtu-mss PortF1 mtu default mss 1360

    Thanks and Regards

    "Sophos Partner: Infrassist Technologies Pvt Ltd".
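
Added example (not part of the original thread and not Sophos tooling): a small Python parser for tcpdump lines in the format posted above. It reports which echo requests were fragmented on the tunnel interface and never answered, and derives a TCP MSS from the largest ping that was answered. It assumes IPv4 and TCP headers without options and that the largest answered ping is the largest that passes (the thread reports 1372 bytes); the function names are hypothetical.

```python
import re

IPV4_HDR = 20   # IPv4 header without options (assumption)
ICMP_HDR = 8    # ICMP echo header
TCP_HDR = 20    # TCP header without options (assumption)

# Sample lines taken from the two captures posted in the thread.
SAMPLE = """\
13:07:26.874405 BridgeLAN, IN: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 44964, length 3008
13:07:26.874648 xfrm19, OUT: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 44964, length 1376
13:07:26.874674 xfrm19, OUT: IP 10.1.90.34 > 192.168.60.2: ip-proto-1
13:10:38.838060 BridgeLAN, IN: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 45057, length 1380
13:10:38.838244 xfrm19, OUT: IP 10.1.90.34 > 192.168.60.2: ICMP echo request, id 8, seq 45057, length 1380
13:10:38.866805 xfrm19, IN: IP 192.168.60.2 > 10.1.90.34: ICMP echo reply, id 8, seq 45057, length 1380
"""

LINE_RE = re.compile(
    r"^\S+ (?P<iface>\S+), (?P<dir>IN|OUT): IP \S+ > \S+: (?P<rest>.*)$")
ECHO_RE = re.compile(r"ICMP echo (request|reply), id \d+, seq (\d+), length (\d+)")


def analyze(capture, tunnel_prefix="xfrm"):
    """Return {seq: {"icmp_len", "replied", "fragmented"}} for each ping."""
    probes = {}
    last_seq = {}  # (iface, direction) -> seq of the latest echo request seen
    for line in capture.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        key = (m["iface"], m["dir"])
        echo = ECHO_RE.search(m["rest"])
        if echo:
            kind, seq, length = echo.group(1), int(echo.group(2)), int(echo.group(3))
            probe = probes.setdefault(
                seq, {"icmp_len": 0, "replied": False, "fragmented": False})
            if kind == "request":
                # The reassembled copy carries the full ICMP length;
                # first fragments show a smaller one, so keep the maximum.
                probe["icmp_len"] = max(probe["icmp_len"], length)
                last_seq[key] = seq
            else:
                probe["replied"] = True
        elif m["rest"].startswith("ip-proto-1") and m["iface"].startswith(tunnel_prefix):
            # Non-first fragments have no ICMP header, so tcpdump prints only
            # the protocol number; attribute them to the preceding request.
            seq = last_seq.get(key)
            if seq is not None:
                probes[seq]["fragmented"] = True
    return probes


def largest_answered_ip_packet(probes):
    """IP packet size of the biggest ping that got a reply, or None."""
    sizes = [p["icmp_len"] + IPV4_HDR for p in probes.values() if p["replied"]]
    return max(sizes) if sizes else None


def mss_for(ip_packet_size):
    """Largest TCP payload that fits in an IP packet of this size."""
    return ip_packet_size - IPV4_HDR - TCP_HDR


if __name__ == "__main__":
    result = analyze(SAMPLE)
    for seq, p in sorted(result.items()):
        print(seq, p)
    size = largest_answered_ip_packet(result)
    print("largest answered IP packet:", size, "-> MSS", mss_for(size))
```

On the thread's data, the answered ping has ICMP length 1380 (1372 bytes of payload plus the 8-byte header), which makes a 1400-byte IP packet and gives an MSS of 1360, the first value suggested in the replies.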
