I've got clean access up and running, and it's working great. I've got some students asking for game console internet access. I set up a role and filter for xbox as per the cca user guide, but the student's xbox (360 version I believe) fails with a MTU error. After a little research, the solution seems to be to change the MTU on the router (or clean access, or asa - I'm not really sure), but I'm not going to change MTU settings on multiple devices just so game consoles can get internet access.
Do you have your clean access system configure for game console access?
If so, did you have to do anything with MTU settings?
If you encountered MTU errors, but resolved it some other way, what was it?
My config involves this traffic flow: end user <-> clean access <-> asa <-> cisco router <-> internet.