Do I need to change the maximum transmission unit (MTU) for the VPN header?
Internet Protocol Security (IPsec) adds protocol overhead to each packet, which can lead to fragmentation. Fragmented packets then need to be reassembled at the receiving gateway, which can lead to performance degradation. Pre-fragmentation of packets can help keep the packet size at a level where fragmentation is not likely to occur, which aids performance in the network. The protocol overhead depends on the type of encryption that is chosen and can be calculated accordingly.
Email your VPN-related questions to firstname.lastname@example.org.
This was first published in January 2012