Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
680
Views
0
Helpful
1
Replies

ASA 5540 - Clientless VPN (SSL) function ignores MTU setting

sean.mcintyre
Level 1
Level 1

‎04-23-2008 04:38 PM

It appears that the Clientless VPN (SSL) function completely ignores the mtu setting that is applied to the inside and outside interfaces.

mtu inside 1300

mtu outside 1300

I have verified that this is true with ver 7.2(4) and 8.0(3) using packet captures at the client side of the session.

I have confirmed that if the Clientless VPN (SSL) function would adhere to this setting, all of the problems that our users are experiencing when accessing OWA remotely would go away.

I've verified this by manually setting the MTU size on the workstation. When it is 1300, everthing works fine.

Can anyone explain why the Clientless VPN (SSL) function will not adhere to this setting?

Labels:
0 Helpful
1 Reply 1

smahbub
Level 6
Level 6

‎04-29-2008 12:45 PM

To specify the maximum transmission unit for an interface, use the mtu command in global configuration mode. To reset the MTU block size to 1500 for Ethernet interfaces, use the no form of this command. This command supports IPv4 and IPv6 traffic.

syntax:

mtu interface_name bytes

The default MTU bytes is 1500 for Ethernet interfaces

for more information about mtu setting refer:

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/m.html#wp1751599

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents