Cisco Clean Access 3.5
6-6    Cisco Clean Access Server Installation and Administration Guide    OL-7045-01
Chapter 6    IPSec/L2TP/PPTP/PPP on the CAS
  – MSS Clamping (default: 1400 bytes) – A restriction on the Maximum Segment Size (or packet size) of IPSec traffic. MSS Clamping replaces the traditional method of determining the maximum size of transmitted packets, dynamic MTU (maximum transmission unit) discovery. In MTU discovery, hosts negotiate the MTU size by ICMP at the time of data exchange. With MSS, the maximum packet size is predefined, so additional ICMP traffic is not needed.
  – MSS Value – If MSS clamping is enabled, the maximum packet size, in bytes.
4. When finished, click Restart IPSec to restart the IPSec service with the new values.
5. Either allow or enforce the use of VPN by choosing the appropriate role policy in the role properties of the user (under User Management > User Roles > Add or Edit).
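The MSS Clamping setting above is described in terms of its effect; the following added example (not code from the Cisco guide or from the Clean Access Server) shows the mechanism on the wire: a TCP SYN whose MSS option exceeds the clamp value has the option rewritten to the guide's default of 1400 and its checksum recomputed, so the peer never sends segments that, once IPSec encapsulation is added, exceed the path MTU. The SYN is constructed; the addresses are the untrusted-side client from Figure 6-5 and the CAS eth0 address, and the TCP port is arbitrary.

```python
"""
Added example, not from the Cisco guide: MSS clamping applied to a TCP SYN.
A SYN advertising an MSS above the clamp value is rewritten and re-checksummed.
The segment and its endpoints are constructed for illustration.
"""
import ipaddress
import struct

CLAMP_MSS = 1400  # guide's default MSS clamp value

# constructed endpoints: untrusted-side client (Figure 6-5) and the CAS eth0 address
SRC_IP = ipaddress.IPv4Address("10.1.15.17").packed
DST_IP = ipaddress.IPv4Address("192.168.151.55").packed


def tcp_checksum(src_ip: bytes, dst_ip: bytes, segment: bytes) -> int:
    """Ones'-complement checksum over the IPv4 pseudo-header plus the TCP segment."""
    pseudo = src_ip + dst_ip + struct.pack("!BBH", 0, 6, len(segment))
    data = pseudo + segment
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_syn(src_port: int, dst_port: int, mss: int,
              src_ip: bytes = SRC_IP, dst_ip: bytes = DST_IP) -> bytes:
    """Build a minimal SYN (no payload) carrying one MSS option (kind 2, length 4)."""
    options = struct.pack("!BBH", 2, 4, mss)
    data_offset = (20 + len(options)) // 4  # header length in 32-bit words
    header = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0,
                         data_offset << 4, 0x02, 65535, 0, 0)
    segment = header + options
    csum = tcp_checksum(src_ip, dst_ip, segment)
    return segment[:16] + struct.pack("!H", csum) + segment[18:]


def iter_options(segment: bytes):
    """Yield (offset, kind, length) for each TCP option; stop on EOL or malformed data."""
    data_offset = (segment[12] >> 4) * 4
    i = 20
    while i < data_offset:
        kind = segment[i]
        if kind == 0:          # end of option list
            return
        if kind == 1:          # NOP padding
            i += 1
            continue
        if i + 1 >= data_offset:
            return
        length = segment[i + 1]
        if length < 2 or i + length > data_offset:
            return             # malformed option: stop rather than misparse
        yield i, kind, length
        i += length


def read_mss(segment: bytes):
    """Return the advertised MSS, or None if the option is absent."""
    for off, kind, length in iter_options(segment):
        if kind == 2 and length == 4:
            return struct.unpack("!H", segment[off + 2:off + 4])[0]
    return None


def clamp_mss(segment: bytes, src_ip: bytes = SRC_IP, dst_ip: bytes = DST_IP,
              clamp: int = CLAMP_MSS):
    """Rewrite an MSS option larger than `clamp`; return (new_segment, original_mss)."""
    seg = bytearray(segment)
    original = None
    for off, kind, length in iter_options(segment):
        if kind == 2 and length == 4:
            original = struct.unpack("!H", seg[off + 2:off + 4])[0]
            if original > clamp:
                seg[off + 2:off + 4] = struct.pack("!H", clamp)
    seg[16:18] = b"\x00\x00"   # zero the checksum field before recomputing
    seg[16:18] = struct.pack("!H", tcp_checksum(src_ip, dst_ip, bytes(seg)))
    return bytes(seg), original


if __name__ == "__main__":
    syn = build_syn(40000, 443, 1460)   # 1460 is the usual MSS on a 1500-byte Ethernet link
    clamped, before = clamp_mss(syn)
    print(f"MSS {before} -> {read_mss(clamped)}, checksum ok: "
          f"{tcp_checksum(SRC_IP, DST_IP, clamped) == 0}")
```

A SYN that already advertises an MSS at or below the clamp value passes through unchanged, which is why the setting only costs anything on the first segment of each connection and never generates ICMP traffic afterwards.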
Configure L2TP Encryption
The Layer 2 Tunneling Protocol (L2TP) allows PPP frames to be tunneled through the network. L2TP 
and PPTP are alternatives to IPSec encryption. These formats are widely used due to the availability of 
client software supporting them. 
Unlike IPSec, however, L2TP and PPTP require a dedicated IP address pool. The Clean Access Server uses the address pool to perform address translation of tunnelled traffic (Figure 6-5).
Figure 6-5    L2TP Address Translation
The address pool you use for both L2TP and PPTP pools depends on the Clean Access Server operating mode. Given a Clean Access Server with these interface addresses:
  • eth0 (to trusted network): 192.168.151.55
  • eth1 (to untrusted, managed network): 10.1.55.1
For Real-IP Gateway and Virtual Gateway, the IP pool must be a valid subnet (routable) on the eth0 side, such as 192.168.151.100–192.168.151.105.
For NAT Gateway, the IP pool can be any private subnet, such as 10.1.70.20–10.1.70.200.
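The pool rule depends on the operating mode, and a pool that is wrong for the mode only shows up as unreachable VPN clients. The following added example (not code from the Cisco guide or the Clean Access Server) is a pre-flight check that applies the rule: Real-IP Gateway and Virtual Gateway need a pool routable on the eth0 side, taken here to mean inside eth0's subnet, while NAT Gateway accepts any private (RFC 1918) range. The interface addresses are the guide's; the /24 prefix lengths and the extra check that the pool does not swallow a CAS interface address are assumptions added here.

```python
"""
Added example, not from the Cisco guide: validate an L2TP/PPTP address pool
against the Clean Access Server operating mode. Prefix lengths are assumed.
"""
import ipaddress

ETH0 = ipaddress.ip_interface("192.168.151.55/24")  # trusted side; /24 assumed
ETH1 = ipaddress.ip_interface("10.1.55.1/24")       # untrusted side; /24 assumed


def check_pool(mode: str, start: str, end: str):
    """Return (ok, reason) for the pool start..end under the given CAS mode."""
    s, e = ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)
    if e < s:
        return False, "pool end precedes pool start"
    nets = list(ipaddress.summarize_address_range(s, e))
    mode = mode.lower()

    # extra check (assumption, not from the guide): never hand a client one of
    # the server's own interface addresses
    for iface in (ETH0, ETH1):
        if s <= iface.ip <= e:
            return False, f"pool contains CAS interface address {iface.ip}"

    if mode in ("real-ip", "virtual"):
        # the pool must be routable on the trusted side: every block inside eth0's subnet
        for n in nets:
            if not n.subnet_of(ETH0.network):
                return False, f"{n} is not within the eth0 subnet {ETH0.network}"
        if s == ETH0.network.network_address or e == ETH0.network.broadcast_address:
            return False, "pool includes the network or broadcast address"
        return True, f"routable on the trusted side ({ETH0.network})"

    if mode == "nat":
        # NAT Gateway translates anyway, so any private range will do
        for n in nets:
            if not n.is_private:
                return False, f"{n} is not a private range"
        return True, "private pool, acceptable for NAT Gateway"

    raise ValueError(f"unknown CAS mode: {mode}")


if __name__ == "__main__":
    for args in (("real-ip", "192.168.151.100", "192.168.151.105"),
                 ("nat", "10.1.70.20", "10.1.70.200"),
                 ("virtual", "10.1.70.20", "10.1.70.200")):
        print(args, "->", check_pool(*args))
```

The two pools the guide names pass for the modes it names them for; the NAT Gateway pool fails for Virtual Gateway because nothing on the trusted side would route 10.1.70.0/24 back to the CAS.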
Both L2TP and PPTP are used with PPP (Point-to-Point Protocol). Therefore, to set up L2TP or PPTP 
you will also need to configure PPP, as described below. 
[Figure 6-5 (diagram): the Clean Access Server sits between the trusted network (eth0) and the untrusted network (eth1). L2TP IP pool: 192.168.151.100–105. A tunnelled packet arriving from the untrusted side with source 10.1.15.17 leaves toward the trusted network with source 192.168.151.103, an address drawn from the pool.]