06-07-2007 05:13 AM - edited 03-11-2019 03:26 AM
When I go into the ASDM on my 5510 and uncheck the "Force maximum segment size for TCP proxy connections to be 1380" will that let the firewall accept packets larger than 1380? I am trying to limit fragmenting of some packets that are close to this size. Is there any performance hit or problem with using the sequence randomizer on the firewall? It says it opens a possible security hole if you don't use it. I was wondering if it is OK to turn this off?
Just an FYI... there is no VPN on this firewall or encryption.
06-07-2007 06:54 AM
Here's a primer on fragmentation, with examples (CLI) from the ASA. It covers both MTU and TCP MSS.
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008081e621.shtml
06-07-2007 09:46 AM
Thanks. That is a great link.