@acejavelin: I will look back to last year's email and see if I can find details. Here's what I remember:
- We went live and naturally problems started soon after.
- Was most notable with IPSEC sites since they would go offline frequently due to ISP.
- At the time our enterprise Wifi controller could not connect to the AP's over VPN. MTU in the controller was 1500 or 1450 and we had to bump it down between 1375-1400.
- This lead us to look at the MTU on the 3300, though Mitel techs refused to change it.
- They insisted it was a network problem until phones at fiber and within LAN's of the 3300's did the same.
-- Pretty sure he even plugged a phone directly into the pbx and it did the same. (full disclosure: I did enjoy that part...)
- Tech reviewed and I think changed a few things, but ultimately said he didn't do much.
- Scheduled a reboot of one or both 3300's at night and that fixed the issue.
Question: If you unplug/reboot a phone at non-VPN does it come up ok? Part of our confusion is that all the phones on T1/Fiber sites were up for weeks prior to go-live and did not reboot. Phones worked fine until you had to reboot or logout/hotdesk back in.
VPN:
From a quick review of the tunnel status, MTU is ranging from 1412 to 1436. Specfiically 1436 on tunnels using 3des/sha1, DH:5. Sites with 1412 use aes128 or 256/sha1 with a second proposal of 3des/sha1 and DH: 14.
I don't see that we are forcing MTU on either end.
I have a 5320e remotely that I use to test both teleworker/nat and over IPSEC. Will see if I can break it when I get some time. So far it's working fine in both scenarios.