Setting the Max Segment Size for TCP Connections Going Over VPN

We use the ip tcp adjust-mss command on Cisco routers to set the maximum segment size for TCP connections going over VPN connections.

To find the optimum maximum segment size, be sure to use the do-not-fragment option when pinging across the link.  Sending a regular ping will show you the largest packet size that will make it across the link; using the df flag will tell you the largest packet that can traverse the link without being broken into multiple parts.  To set the do-not-fragment flag using the Windows ping utility, add "-f" to the command line.

Also, be sure to perform the same test over the regular, non-tunneled connection to the destination router.  Make sure your adjust-mss value is lower than the maximum non-fragmented packet.