11-14-2007 03:37 AM - edited 02-21-2020 03:22 PM
Hi,
In the ASA log, we are seeing the following error:
Error Message %ASA-3-722036: Group group User user-name IP IP_address Transmitting
large packet length (threshold threshold).
I presume our server is sending large packets to the SSL client? Has anyone else encountered this?
Thanks,
Mark.
11-20-2007 07:41 AM
This error message means that client is sending packets larger than the level expected by ASA. Change the MTU on the client side. This URL should help http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/s8.html#wp1318649 for more information.
11-20-2007 07:46 AM
Hi,
Thanks for the reply. Unfortunately I am not using the AnyConnect client. I am using ASA 7.2 with the SVC client.
09-23-2012 11:22 AM
I know this post is 5 years old, but this problem is still cropping up from time to time with no explanation. Specifically, myself and others have an issue with a large packet length of 1410, with a threshold of 1406. Unfortunately, you can't change the MTU because the maximum is 1406. This doesn't even make sense.
I did find one possibility. A troubleshooting article showing the ASA transmitting packets that exceeded the MTU could be fixed by running:
svc compression none
But will this also fix the received packets?
09-27-2012 07:14 PM
Hi Brian,
The old SSL client is not longer supported, it is legacy.
At this point, I would suggest the AnyConnect client, since it introduces the command:
[no] svc mtu size
Which only affects the AnyConnect sessios. The old SSL VPN Client (SVC) does not suppor it.
An example:
ASA(config)# group-policy AnyConnect attributes
ASA(config-group-policy)# webvpn
ASA(config-group-webvpn)# svc mtu 1200
Thanks.
Portu.
Please rate any helpful posts.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: