Anonymous

My feedback

  1. 71 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Networking » VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →

    Hi Scott,

    Thanks for the feedback – totally understand the pain points and confusion. There are a couple of constraints on the Azure side and also specifically with VPN. The key issue is this is for packets coming over the Internet which we can only assume total packet size of 1500 bytes max. Azure SDN platform performs additional encapsulation on the packets within our datacenter networks, so it will be subtracted from there.

    1. On the Azure VPN gateways, the recommendation is to set TCP MSS clamping to 1350; or if not possible for your device, then set MTU to 1400 bytes on the IPsec tunnel interface. We had updated/clarified the Azure documentation to call that out.

    2. Changing MTU currently is not possible from the Azure VPN gateways. We will take it into configuration, but it will not be possible in the short term due to the scale…

    Anonymous commented  · 

    Hi Scott,

    I am experiencing the similar issue but in my case the packet did not even go out. The large packets are marked as bad checksum and it seems like just dropping them as errors. Would you please advise me if you were able to resolve your issue?

    Cheers,
    Jae

Feedback and Knowledge Base