
MTU and Site-to-Site VPN tunnels

Wednesday, November 26th, 2008

Fragmented packets are not always easy to detect, and many people do not realize that they can cause significant network problems, especially with VPN tunnels. Selecting the correct MTU size in site-to-site tunnels is critical because an IP packet with a size of 1500, which is the standard Ethernet MTU size, will often be too large. The encoded VPN packet is somewhat larger than the original packet, resulting in fragmentation. This fragmentation can cause VPN tunnels to drop, and is hard to detect.

Using the “ping” command you can test to find the optimum packet size and then adjust the MTU accordingly. There are a number of PC programs that will also adjust the MTU.

Typing ‘ping -f -l 1492 www.google.com’, where 1492 represents the packet size, displays the ping response time and also displays a message if the packets are too large and would be fragmented. Adjust the packet size up or down in 8-byte increments until you find the best response that does not get fragmented.
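
The manual search above can be scripted. The following is an added example, not part of the original post; it goes beyond the 8-byte stepping by using a binary search, and it assumes the English-language Windows `ping` (where `-l` sets the ICMP payload size, to which a 20-byte IPv4 header and an 8-byte ICMP header are added on the wire). The function names and the simulated path are constructed for illustration.

```python
import subprocess
import sys

IP_ICMP_OVERHEAD = 28  # 20-byte IPv4 header (no options) + 8-byte ICMP header


def windows_ping_probe(host):
    """Build probe(size): True if one DF-flagged echo of that payload size is answered."""
    def probe(size):
        out = subprocess.run(
            ["ping", "-f", "-l", str(size), "-n", "1", "-w", "2000", host],
            capture_output=True, text=True,
        ).stdout
        # Only a genuine echo reply line contains "TTL="; the
        # "Packet needs to be fragmented but DF set." message does not.
        return "TTL=" in out
    return probe


def simulated_probe(mtu):
    """Constructed stand-in for a path with the given MTU, so the search runs offline."""
    return lambda size: size + IP_ICMP_OVERHEAD <= mtu


def largest_unfragmented_payload(probe, low=0, high=1472):
    """Binary-search the largest payload in [low, high] that passes with DF set.

    high defaults to 1472 (1500-byte Ethernet MTU minus 28 bytes of headers).
    Returns None if even the smallest payload gets no reply.
    A reply lost for any other reason also counts as "too large", so
    repeat the run if the result looks implausibly low.
    """
    if not probe(low):
        return None
    while low < high:
        mid = (low + high + 1) // 2
        if probe(mid):
            low = mid        # mid fits: search the upper half
        else:
            high = mid - 1   # mid is too large: search the lower half
    return low


def path_mtu(payload):
    """Convert the largest working ping payload into the path MTU."""
    return payload + IP_ICMP_OVERHEAD


if __name__ == "__main__":
    # With a host argument, probe it for real; otherwise use a simulated 1400-byte path.
    probe = windows_ping_probe(sys.argv[1]) if len(sys.argv) > 1 else simulated_probe(1400)
    payload = largest_unfragmented_payload(probe)
    print("no reply" if payload is None else f"payload {payload}, path MTU {path_mtu(payload)}")
```

Run it with the far side of the tunnel as the argument; the reported path MTU is the value to compare against the tunnel interface's configured MTU.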