04-04-2018 01:26 PM
Question. I have Aruba VPN controllers 70xx models AOS 220.127.116.11. I have a cyrpto tunnel between two controllers. I read that the default tunnel mtu is 1500 and if I want to change it I have to do a gloabl command "crypto ipsec mtu xxxx". I made a change like this for MTU 1024 for a test and a "show crypto ipsec mtu" shows the new value.
What I want to know is if there is a command that I can see the MTU is set on the actual tunnel between the two controllers? Like a sh crypto ipsec sa perr x.x.x.x. Any MTU settings in these types of commands? I have not been able to locate one.
Solved! Go to Solution.
04-06-2018 11:31 AM
Think I figured this out.
Global command "crypto ipsec mtu <value>" will change the MTU of the tunnel. And you can see the MTU on the tunnel with the command "show datapath tunnel" before and after. You have to clear ipsec sa peer <ip> to get it to take.