How do I modify the MTU size on WSA to match the MTU used on routers?
Environment: Cisco Web Security Appliance (WSA), WCCP used for traffic redirection
Symptoms: Router performance and/or network traffic is affected due to WSA using higher MTU, typically seen when WCCP redirection is involved.
When you use WCCP redirection on a router to send redirect traffic to WSA and the router uses a MTU size that is less than 'WSA MTU size + GRE headers', then you may need to lower the MTU size on WSA so that WSA's MTU is lower than router's MTU size + size of GRE headers.
Typically this is needed when VPN traffic is being sent to WSA, which has a lower MTU than LAN traffic
By default, the MTU on WSA interface is 1500.
You can change the MTU on WSA interface from CLI using the below steps:
cli>etherconfig > MTU > <Specify the number for the respective interface>
Specify the MTU
Press <Enter> until to return to original CLI prompt
Use 'commit' and Press <Enter>
If you don't this, WCCP still works, but if there is a MTU mis-match then the router may do a lot of traffic processing in its CPU instead of a dedicated ASIC chip, which may cause undue strain on the router's CPU.