ASA - VTI VPN and MSS

When using a route-based VPN with VTI interfaces on your ASA, it’s important to consider the impact of the TCP MSS and window size on the performance of the VPN tunnel. The default MSS value of 1380 bytes that the ASA sets for site-to-site IPsec tunnels is sufficient for most scenarios. This value accounts for the overhead introduced by IPsec encapsulation and helps prevent issues like fragmentation and inefficient use of bandwidth.

Adjust it only if you observe problems on the network. If you’re experiencing performance issues or connectivity problems on that particular VPN, then checking the MSS value may be a good troubleshooting step. Otherwise, leaving the default values should be perfectly fine.
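The overhead reasoning above can be checked numerically. The following Python sketch is an added example, not part of the original note or of any Cisco tooling; it assumes IPv4 ESP tunnel mode, a 1500-byte path MTU, no IP or TCP options, and the three transform profiles listed in `PROFILES`.

```python
import math

OUTER_IP = 20      # outer IPv4 header added by tunnel mode
ESP_HDR = 8        # SPI (4) + sequence number (4)
ESP_TRAILER = 2    # pad length (1) + next header (1), encrypted with the payload
NAT_T_UDP = 8      # UDP/4500 header when NAT traversal is in use
INNER_HDRS = 40    # inner IPv4 (20) + TCP (20), no options

# Assumed transform sets: name -> (IV bytes, padding alignment, ICV bytes)
PROFILES = {
    "aes-cbc/hmac-sha1-96": (16, 16, 12),
    "aes-cbc/hmac-sha256-128": (16, 16, 16),
    "aes-gcm": (8, 4, 16),
}

def esp_packet_size(mss, profile, nat_t=False):
    """On-wire size of the ESP tunnel-mode packet carrying one full TCP segment."""
    iv, align, icv = PROFILES[profile]
    inner = mss + INNER_HDRS
    # Payload plus trailer is padded up to the cipher's alignment boundary.
    padded = math.ceil((inner + ESP_TRAILER) / align) * align
    return OUTER_IP + (NAT_T_UDP if nat_t else 0) + ESP_HDR + iv + padded + icv

def max_mss(profile, path_mtu=1500, nat_t=False):
    """Largest TCP MSS whose ESP packet still fits in path_mtu unfragmented."""
    iv, align, icv = PROFILES[profile]
    room = path_mtu - OUTER_IP - (NAT_T_UDP if nat_t else 0) - ESP_HDR - iv - icv
    padded = (room // align) * align   # round down to the alignment boundary
    return padded - ESP_TRAILER - INNER_HDRS

def report(mss=1380, path_mtu=1500):
    """Rows of (profile, nat_t, esp_size, fits_in_mtu, max_mss) for each case."""
    rows = []
    for name in PROFILES:
        for nat_t in (False, True):
            size = esp_packet_size(mss, name, nat_t)
            rows.append((name, nat_t, size, size <= path_mtu,
                         max_mss(name, path_mtu, nat_t)))
    return rows

if __name__ == "__main__":
    for name, nat_t, size, fits, limit in report():
        print(f"{name:24} nat-t={nat_t!s:5} esp={size} fits={fits} max_mss={limit}")
```

Under these assumptions a 1380-byte MSS fits in every listed case, while an MSS of 1460 with AES-CBC and HMAC-SHA1 yields a 1560-byte ESP packet that would have to be fragmented on a 1500-byte path.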

Links:

https://forum.networklessons.com/t/mtu-troubleshooting-on-cisco-ios/1078/206?u=lagapides

https://networklessons.com/cisco/ccie-routing-switching/pppoe-mtu-troubleshooting-cisco-ios/

https://networklessons.com/cisco/ccie-routing-switching-written/ipsec-static-virtual-tunnel-interface

https://networklessons.com/cisco/ccie-routing-switching-written/ipsec-vti-virtual-tunnel-interface