Hi, It seems that Meraki has changed the ESP overhead size from 64 bytes to 68 bytes if you are running MX 18 ++ This may affect IP Fragmentation as shown below. This is a capture done on MX15.44. Client sends a maximum of 1408 UDP payload + 20 IP header = 1428. Then you add the encryption + 64 bytes = 1492 MTU , this fits almost any normal WAN link ( DSL and fiber and other ) ( top is 'Internet' capture , bottom is AutoVPN capture ) With MX18++ 1408 UDP payload + 20 IP header = 1428 if you add up the new 68 bytes = 1496 ! DSL links might not like that number ! We have encountered some ISP that instead of fragmenting those packets , they were simply dropping them. I haven't seen any documentation / changelog regarding those 4 new ESP bytes , but the 68 bytes is now included in the MTU troubleshooting guide If your packet is traversing over Auto VPN, you will need to account for the 68 byte overhead when determining MTU size. : https://documentation.meraki.com/General_Administration/Tools_and_Troubleshooting/Troubleshooting_MTU_Issues So , heads up for MTU issues ! Cheers ,
... View more