Have you ever experienced that the site2site VPN connection performance is poor despite the Internet connection between the two sides is good and both equipment works properly? I met this situation once. And it turned out to be caused by the settings of MTU (Maximum Transfer Unit).
The default MTU of Ethernet is 1,500 Bytes. But in some cases, there may be one or more equipment between the two sites does not follow this standard. It might be caused by a legacy equipment or misconfigurations.
To confirm it, there is an easy to do so. Run the command ‘ping {ip address} –f –l 1500’ in your Windows machine. (-f disalbes fragment, –l defines the buffer size). If you meet the same issue mentioned above, you will get this reply ‘Packets needs to be fragmented but DF set’.
To fix this problem, you need to figure out a proper MTU value by trying the command ‘ping {ip address} –f –l {MTU value}’ until the reply shows as ‘reply from …’ or ‘request timed out’, e.g. ping x.x.x.x –f – 1450
Let’s say 1,450 is the value you found. Now what you need to do is to modify the MTU value from 1,500 to 1,450 on your machine.
For Windows 7
1) Run ‘netsh interface ipv4 show interface’ to check the index number of Local Area Connection. Generally, it is 11.
2) Run ‘netsh interface ipv4 set interface 11 mtu=1450’ to change the MTU size to 1,450 Bytes for your loacal area connection. Append ‘store=persistent’ to the end if you want to make it permanent.
3) Run ‘netsh interface ipv4 show interface’ again to confirm the change has been made.
For Windows XP
1) Lauch Windows registry editor, and navigate to the following location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\<AdapterID>
2) Create a DWORD value and name it to MTU, then change the data to 1450
Jackie Chen's IT Workshop 