MTU mismatch in the network

mtu

The issue is on our routed network from one site to another. The clients can't access secure routed websites. Simply put, the DNS server will resolve but the web page will not load. All our servers and clients are using the default 1500 MTU size.

After lowering the MTU to 1492 on one client, boom, the web page loads as normal. I have asked our MPLS guy to ask the ISP about the MTU size in the router. It is 1500. So where could the issue be? I'm confused 😕

Best Answer

After lowering the MTU to 1492 on one client, boom, the web page loads as normal.

Apparently, your router fails to fragment packets as necessary. That may be a configuration error or a general inability (=> replace router).

Even if your VPN router does support fragmentation it may be beneficial to lower the general LAN MTU to a value that doesn't require fragmentation, especially when most traffic traverses the VPN anyway.

... to ask ISP about the MTU size in the router ...

The MTU is not a device parameter, it's a link/interface parameter. In case you're using an additional tunnel, your ISP doesn't even know the effective MTU for your link. Sometimes using 802.1Q VLAN tags on an MPLS link eats into the MTU.

A WAN MTU of 1492 is quite common when PPPoE or various tagging methods are involved (the keyword here is MPLS). Make sure the ISP statement "it is 1500" gets the right context - on WAN? on MPLS? potentially including 802.1Q tags?

Testing a path MTU is quite easy using ping. E.g. on Windows, ping -f -l 1472 <dest> should work when the MTU is 1500 bytes (28 bytes is the IPv4 and ICMP echo overhead).
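A small script that automates the ping test described above, added here as an example and not part of the original answer: it binary-searches the largest don't-fragment packet that gets a reply, using the 28-byte IPv4+ICMP overhead from the answer. It assumes that Linux iputils ping -M do -s and macOS ping -D -s are the don't-fragment equivalents of the Windows ping -f -l form quoted above; simulated_probe is a constructed stand-in so the search can be exercised offline.

```python
import platform
import subprocess
from typing import Callable

# IPv4 header (20 bytes) + ICMP echo header (8 bytes), as the answer notes.
IP_ICMP_OVERHEAD = 28

def df_ping_command(host: str, payload: int) -> list[str]:
    """Build one don't-fragment ping for the local OS (assumed flag sets:
    Windows 'ping -f -l' as quoted above; Linux iputils 'ping -M do -s';
    macOS 'ping -D -s')."""
    system = platform.system()
    if system == "Windows":
        return ["ping", "-n", "1", "-w", "2000", "-f", "-l", str(payload), host]
    if system == "Darwin":
        return ["ping", "-c", "1", "-W", "2000", "-D", "-s", str(payload), host]
    return ["ping", "-c", "1", "-W", "2", "-M", "do", "-s", str(payload), host]

def real_probe(host: str) -> Callable[[int], bool]:
    """Probe that is True only when a genuine echo reply (a 'TTL=' line) comes
    back; exit codes alone are not reliable across ping implementations."""
    def probe(payload: int) -> bool:
        out = subprocess.run(df_ping_command(host, payload), capture_output=True, text=True)
        return "ttl=" in out.stdout.lower()
    return probe

def simulated_probe(path_mtu: int) -> Callable[[int], bool]:
    """Constructed stand-in for a path whose smallest hop MTU is path_mtu."""
    return lambda payload: payload + IP_ICMP_OVERHEAD <= path_mtu

def find_path_mtu(probe: Callable[[int], bool], low: int = 576, high: int = 1500) -> int:
    """Largest whole IP packet size in [low, high] that passes with DF set,
    or 0 if even `low` fails. `high` defaults to the LAN MTU of 1500."""
    if not probe(low - IP_ICMP_OVERHEAD):
        return 0
    if probe(high - IP_ICMP_OVERHEAD):
        return high
    lo, hi = low, high  # invariant: lo passes, hi fails
    while hi - lo > 1:
        mid = (lo + hi) // 2
        if probe(mid - IP_ICMP_OVERHEAD):
            lo = mid
        else:
            hi = mid
    return lo

if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.1"  # placeholder address
    mtu = find_path_mtu(real_probe(target))
    print(f"path MTU to {target}: {mtu} bytes (largest DF payload {mtu - IP_ICMP_OVERHEAD})")
```

A result of 1492 against a 1500-byte LAN MTU points at 8 bytes of PPPoE or tagging overhead somewhere on the WAN side, which is what the answer suggests checking with the ISP.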