03-04-2008 12:19 PM - edited 03-11-2019 05:12 AM
Good everyone, I am new to this forum and technology cisco, I have the following environment:
I have an ASA 5510 7.2 (3) that has a connection to the internet through the outside, the other 3 interfaces are connected to a switch 3560g of 48 ports, is the inside, other servers and other metrointer, this I connected a 10.2 suse linux server with 64-bit with two cards to 1000, a card to metrointer and other servers, the outside has a security level of 0, metrointer 20 and 50 servers.
Prior had a 10.0 suse linux server on a computer and the cards were 100 full duplex, the switch to this new server mentioned above. The 64-bit server is Postfix and serves as a gateway to a mail server with 2007 exchange this in my vlan servers.
We have a business partner who is a bank that also has a ASA and has a high-speed link (1mbits), the point is that when sending emails to this partner mails fail, I get this error.
4 Mar 03 2008 12:53:38 419001 192.168.16.1 x.x.x.x Dropping TCP packet from metrointer: 192.168.16.1/15801 to Outside: x.x.x.x/25, reason: MSS exceeded, MSS 536, 1072 data
Only with this partner gives me this error, add an exception in the ASA to avoid review the MSS but I am not working, my ASA what this vote, what is not is whether my linux are sending the biggest MSS that is managed initially or my partner, they say that the problems we have, the card is in my linux autoneg on a 1000 1000 full duplex, but that was not done, any orientation to solve this problem.
Adding file with the configuration of my ASA
Greetings
03-05-2008 05:28 AM
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note0918
6a00804c8b9f.shtml
Following commands were issued to the pix so that exceed MSS packets were allowed through
pix :
pixfirewall(config)#class-map http-map1
pixfirewall(config-cmap)#match any
pixfirewall(config-cmap)#exit
pixfirewall(config)#tcp-map mss-map
pixfirewall(config-tcp-map)#exceed-mss allow
pixfirewall(config)#policy-map global_policy
pixfirewall(config-pmap)#class http-map1
pixfirewall(config-pmap-c)#set connection advanced-options mss-map
pixfirewall(config-pmap-c)#exit
pixfirewall(config-pmap)#exit
pixfirewall(config)#
03-05-2008 01:06 PM
I exception, but I have the same problem, it is curious that no longer leaves me in the log.
Now the problem is on the other side?.
Greetings
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: