Symptom
When TBAR and/or IPSec inline tagging are enabled on IOS-XE GM, plain-text mtu under "show crypto ipsec sa" will not be calculated the right way leading to packet drops for traffic that cannot be fragmented. This could happen for any type of interface where the GDOI crypto map is applied.
Conditions
IOS-XE GM
TBAR and/or IPSec inline tagging are enabled
Workaround
Disable those features so MTU is calculated the right way.
OR
Upgrade to a fixed release.
