Using ASDM to solve MSS issue

mawallace
Level 1

I have a problem with accessing a couple of websites on our network. I have identified it to be due to the fact the servers are sending packets that exceed the MSS advertised by the client.

I recall that this is an issue which started in PIX version 7.

I also recall someone telling me that a "tick box" was added to ASDM to allow the firewall to pass packets that exceed the MSS - and that a "simple" command can be issued to allow this action to commence.

I cannot find the "tick" box in ASDM, nor can I find the reference to the command.

Can someone point me in the right direction?

ASDM version 5.2 (2)

Pix version 7.2(2)

ASA 5510

3 Replies

andrew.prince
Level 10

Mark,

the command is:-

sysopt connection tcpmss # - the default is 1380

In the ASDM navigate to:-

Configuration > TCP Options - change the value for the "Force Maximum Segment Size for TCP proxy connection to be"

HTH.

Thank you - but the option is already ticked.

What I was trying to solve is the issue at:-

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00804c8b9f.shtml

What I was told is that there is now one setting which allows me to say, for a website, allow the MSS to be exceeded!

Firstly you have to know how much is the max data you can send through your infrastructure, unfragmented.

Try pinging the website you are trying to get to, first with a high packet size, reducing the packet size until you get a response.

ping x.x.x.x -l 1450 -f

ping x.x.x.x -l 1440 -f

ping x.x.x.x -l 1430 -f

and so on until you get a response. The number you find is what you should set the MSS to.

HTH.
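
Added example, not part of the original replies: the ping sweep described above automated as a binary search over the don't-fragment payload size, with the result converted to a path MTU and a TCP MSS by accounting for the ICMP, IPv4 and TCP header sizes (no options assumed). The function names, the 500 to 1472 search range, the "TTL=" success check on Windows ping output and the `fake_probe` stand-in for a network path are assumptions made for this example.

```python
import subprocess

IP_HEADER = 20    # IPv4 header, no options
ICMP_HEADER = 8   # ICMP echo header
TCP_HEADER = 20   # TCP header, no options


def windows_ping_probe(host):
    """Return probe(size): one echo with DF set, using Windows ping syntax."""
    def probe(size):
        out = subprocess.run(
            ["ping", "-n", "1", "-f", "-l", str(size), host],
            capture_output=True, text=True)
        # Assumption: a real echo reply line contains "TTL="; error lines do not.
        return out.returncode == 0 and "TTL=" in out.stdout
    return probe


def largest_unfragmented_payload(probe, low=500, high=1472):
    """Binary search for the largest payload that gets through unfragmented.
    Returns None when even `low` fails (ICMP filtered, host down)."""
    if not probe(low):
        return None
    while low < high:
        mid = (low + high + 1) // 2
        if probe(mid):
            low = mid          # mid fits, look higher
        else:
            high = mid - 1     # mid is too big, look lower
    return low


def path_mtu(payload):
    """Size of the whole IP packet that carried this ping payload."""
    return payload + ICMP_HEADER + IP_HEADER


def mss_for_payload(payload):
    """Largest TCP segment payload that fits in the same path MTU."""
    return path_mtu(payload) - IP_HEADER - TCP_HEADER


def fake_probe(mtu):
    """Constructed stand-in for a path with the given MTU (offline demo)."""
    return lambda size: size + ICMP_HEADER + IP_HEADER <= mtu


if __name__ == "__main__":
    best = largest_unfragmented_payload(fake_probe(1420))
    print(best, path_mtu(best), mss_for_payload(best))
```

To run it against a real host from a Windows machine, pass `windows_ping_probe("x.x.x.x")` in place of `fake_probe(...)`.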
