Implementing Cisco Enterprise Advanced Routing and Services (ENARSI) — Question 370

A network administrator must optimize the segment size of the TCP packet on the DMVPN IPsec protected tunnel interface, which carries application traffic from the head office to a designated branch. The TCP segment size must not overwhelm the MTU of the outbound link. Which configuration must be applied to the router to improve the application performance?

Answer options

• A. interface tunnel30 ip mtu 1400 ip tcp payload-size 1360 ! crypto ipsec fragmentation before-encryption
• B. interface tunnel30 ip mtu 1400 ip tcp adjust-mss 1360 ! crypto ipsec fragmentation after-encryption
• C. interface tunnel30 ip mtu 1400 ip tcp max-segment 1360 ! crypto ipsec fragmentation before-encryption
• D. interface tunnel30 ip mtu 1400 ip tcp packet-size 1360 ! crypto ipsec fragmentation after-encryption

Correct answer: B

Explanation

The correct answer is B because using 'ip tcp adjust-mss' sets the Maximum Segment Size (MSS) to prevent fragmentation over the tunnel, ensuring that packets are appropriately sized for the MTU. The other options either use incorrect commands or configurations that do not effectively manage MSS for TCP traffic in this context.