Dropping TCP packet reason: MSS exceeded, MSS 536, 1072 data

alejandrocgch
Level 1

Hello everyone, I am new to this forum and to Cisco technology. I have the following environment:

I have an ASA 5510 7.2(3) that connects to the Internet through the outside interface. The other 3 interfaces are connected to a 48-port 3560G switch: one is inside, another is servers and another is metrointer. To this I connected a 64-bit SUSE Linux 10.2 server with two cards at 1000, one card on metrointer and the other on servers. The outside interface has a security level of 0, metrointer 20 and servers 50.

Previously I had a SUSE Linux 10.0 server on a computer whose cards were 100 full duplex, and I switched to the new server mentioned above. The 64-bit server runs Postfix and serves as a gateway to a mail server with Exchange 2007, which is in my servers VLAN.

We have a business partner, a bank, that also has an ASA and a high-speed link (1mbits). The point is that when we send emails to this partner the mails fail, and I get this error:

4 Mar 03 2008 12:53:38 419001 192.168.16.1 x.x.x.x Dropping TCP packet from metrointer: 192.168.16.1/15801 to Outside: x.x.x.x/25, reason: MSS exceeded, MSS 536, 1072 data

I get this error only with this partner. I added an exception in the ASA to skip the MSS check, but it is not working. My ASA is the one dropping this; what I do not know is whether my Linux is sending a bigger MSS than the one negotiated initially, or my partner is. They say the problem is on our side. The card in my Linux is on autoneg at 1000 full duplex, but that was not done. Any guidance to solve this problem?

I am attaching a file with the configuration of my ASA.

Greetings

2 Replies

abinjola
Cisco Employee

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00804c8b9f.shtml

The following commands were issued to the PIX so that packets exceeding the MSS were allowed through:

pix :

pixfirewall(config)#class-map http-map1
pixfirewall(config-cmap)#match any
pixfirewall(config-cmap)#exit
pixfirewall(config)#tcp-map mss-map
pixfirewall(config-tcp-map)#exceed-mss allow
pixfirewall(config)#policy-map global_policy
pixfirewall(config-pmap)#class http-map1
pixfirewall(config-pmap-c)#set connection advanced-options mss-map
pixfirewall(config-pmap-c)#exit
pixfirewall(config-pmap)#exit
pixfirewall(config)#

I added the exception, but I have the same problem; it is curious that it no longer shows up in the log.

Is the problem now on the other side?

Greetings
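
A triage sketch for the 419001 message quoted in the question, added here as an example and not part of the thread or of Cisco's documentation: it parses "MSS exceeded" drops and groups them by destination, which shows whether only one peer is affected and which MSS the ASA recorded for it. The log layout is assumed to match the line in the post; every sample line after the first is constructed, and `parse_drop` and `summarize` are hypothetical names.

```python
import re
from collections import defaultdict

# RFC 1122: send MSS a TCP must assume when the peer's SYN carries no MSS option.
DEFAULT_MSS = 536

# Assumed layout, taken from the line in the post; whitespace after ':' is optional.
DROP_RE = re.compile(
    r"Dropping TCP packet from (?P<src_if>[^:\s]+):\s*(?P<src>[^/\s]+)/(?P<sport>\d+)"
    r" to (?P<dst_if>[^:\s]+):\s*(?P<dst>[^/\s]+)/(?P<dport>\d+),"
    r" reason: MSS exceeded, MSS (?P<mss>\d+), (?P<data>\d+) data"
)

# First line is the one quoted in the post; the remaining lines are constructed samples.
SAMPLE_LOG = """\
4 Mar 03 2008 12:53:38 419001 192.168.16.1 x.x.x.x Dropping TCP packet from metrointer: 192.168.16.1/15801 to Outside: x.x.x.x/25, reason: MSS exceeded, MSS 536, 1072 data
4 Mar 03 2008 12:53:41 419001 192.168.16.1 x.x.x.x Dropping TCP packet from metrointer: 192.168.16.1/15801 to Outside: x.x.x.x/25, reason: MSS exceeded, MSS 536, 1460 data
4 Mar 03 2008 12:54:02 419001 192.168.16.1 198.51.100.7 Dropping TCP packet from metrointer:192.168.16.1/15944 to Outside:198.51.100.7/25, reason: MSS exceeded, MSS 1380, 1460 data
6 Mar 03 2008 12:54:05 302013 192.168.16.1 198.51.100.7 Built outbound TCP connection (unrelated line)
"""

def parse_drop(line):
    """Return the fields of one 'MSS exceeded' drop, or None for any other line."""
    m = DROP_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for key in ("sport", "dport", "mss", "data"):
        rec[key] = int(rec[key])
    return rec

def summarize(lines):
    """Group drops by (destination, port) so a single affected peer stands out."""
    peers = defaultdict(lambda: {"drops": 0, "mss": set(), "max_data": 0})
    for line in lines:
        rec = parse_drop(line)
        if rec is None:
            continue
        entry = peers[(rec["dst"], rec["dport"])]
        entry["drops"] += 1
        entry["mss"].add(rec["mss"])
        entry["max_data"] = max(entry["max_data"], rec["data"])
    for entry in peers.values():
        # 536 means the peer either advertised it explicitly or sent no MSS option at all.
        entry["default_mss"] = DEFAULT_MSS in entry["mss"]
    return dict(peers)

if __name__ == "__main__":
    for (dst, port), info in summarize(SAMPLE_LOG.splitlines()).items():
        print(dst, port, info)
```

A destination flagged with `default_mss` is one to check with a packet capture of the handshake, to see what MSS option, if any, the SYN-ACK from that side actually carries.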
