ASA adjust mss

Unanswered Question
Feb 12th, 2007

I have a site to site VPN over a DSL. My DSL line terminates on an 877 router on the one end and a pix 506 on the other end. I have a site-to-site VPN from an ASA on the other side of the 877 and the 506. I have having problems running certain application across this VPN and I believe it is related to the MTU permitted over DSL. I know on the 877 you can use the ip tcp adjust mss to change the MTU to the required size, but I have done this and it doesn't appear to have helped. Is it possible to adjust the MTU on the ASA or on the site-to-site VPN config to get this to work?

Thanks

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
ali-franks Tue, 02/13/2007 - 04:38

Hi David,

We had a PIX515E running site to site VPN and had a couple of snags with it, until we reduced the MTU using;

sysopt connection tcpmss 1300

This was suggested by TAC ages and ages ago, so we've let it run without any problems. The same PIX also runs RA VPN with no probs.

You can also enter this command in the ASA. Try using this command on both PIX 506 and ASA but start with a value of 1380, then down to maybe 1320 and finally 1300.

Don't bother with the 877 MTU size for now, leave them as default 1500 and see how you get along.

HTH Ali

Actions

This Discussion