IPsec MTU Varies By Encryption Algorythm
(2024-11-13)
Stronger encryption algorithms equals to lower MTU values.
For example, the FortiGate sets an IPsec tunnel Maximum Transmission Unit (MTU) of:
-
1446 for 3des-sha1,
-
1438 for aes256-sha256, aes192-sha256, aes128-sha1, aes128-sha256
-
1422 for aes256-sha384, aes256-sha512, aes192-sha384
In case of NAT-T
-
1438 for 3des-sha1
-
1422 for aes256-sha256, aes256-sha384, aes192-sha256, aes192-sha384, aes128-sha1, aes128-sha256
-
1406 for aes256-sha512