ASA 5540 - Clientless VPN (SSL) function ignores MTU setting

Unanswered Question

It appears that the Clientless VPN (SSL) function completely ignores the mtu setting that is applied to the inside and outside interfaces.

mtu inside 1300

mtu outside 1300

I have verified that this is true with ver 7.2(4) and 8.0(3) using packet captures at the client side of the session.

I have confirmed that if the Clientless VPN (SSL) function would adhere to this setting, all of the problems that our users are experiencing when accessing OWA remotely would go away.

I've verified this by manually setting the MTU size on the workstation. When it is 1300, everthing works fine.

Can anyone explain why the Clientless VPN (SSL) function will not adhere to this setting?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
smahbub Tue, 04/29/2008 - 12:45

To specify the maximum transmission unit for an interface, use the mtu command in global configuration mode. To reset the MTU block size to 1500 for Ethernet interfaces, use the no form of this command. This command supports IPv4 and IPv6 traffic.


mtu interface_name bytes

The default MTU bytes is 1500 for Ethernet interfaces

for more information about mtu setting refer:


This Discussion