SSL (SVC) VPN large packets

networkdvd · ‎11-14-2007

Hi,

In the ASA log, we are seeing the following error:

Error Message %ASA-3-722036: Group group User user-name IP IP_address Transmitting

large packet length (threshold threshold).

I presume our server is sending large packets to the SSL client? Has anyone else encountered this?

Thanks,

Mark.

irisrios · ‎11-20-2007

This error message means that client is sending packets larger than the level expected by ASA. Change the MTU on the client side. This URL should help http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/s8.html#wp1318649 for more information.

networkdvd · ‎11-20-2007

Hi,

Thanks for the reply. Unfortunately I am not using the AnyConnect client. I am using ASA 7.2 with the SVC client.

bcoverstone · ‎09-23-2012

I know this post is 5 years old, but this problem is still cropping up from time to time with no explanation. Specifically, myself and others have an issue with a large packet length of 1410, with a threshold of 1406. Unfortunately, you can't change the MTU because the maximum is 1406. This doesn't even make sense.

I did find one possibility. A troubleshooting article showing the ASA transmitting packets that exceeded the MTU could be fixed by running:

svc compression none

But will this also fix the received packets?

Javier Portuguez · ‎09-27-2012

Hi Brian,

The old SSL client is not longer supported, it is legacy.

At this point, I would suggest the AnyConnect client, since it introduces the command:

[no] svc mtu size

Which only affects the AnyConnect sessios. The old SSL VPN Client (SVC) does not suppor it.

An example:

ASA(config)# group-policy AnyConnect attributes

ASA(config-group-policy)# webvpn

ASA(config-group-webvpn)# svc mtu 1200

Thanks.

Portu.

Please rate any helpful posts.