ASA 5505 8.0 issue

Unanswered Question
Sep 7th, 2008


I encountered a issue when I tried to setup the VPN between the ASA 5505 (version 8.0) and PIX 515E (version 6.3). The VPN can up and running. From the PC in remote site, it can get the IP from DHCP server in central site through the VPN tunnel, and the ping the DNS are all working correctly. But all applications (email, critrix) are not working fine. Attached are the configurations. Do you have any ideas about this issue?

Thanks. Leo

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
singhsaju Mon, 09/08/2008 - 10:40

Hello Leo,

If the PING is working then this could be a fragmentation issue . IPsec adds its own header to normal application data packets and this could lead packet size more than 1500 bytes.

Try to adjust TCP MSS value on VPN end devices (Both PIX and ASA in your case)

Try to adjust TCP MSS value on PIX. For ASA check the following link.

sysopt connection tcp-mss MSS_size_in_bytes

example : sysopt connection tcp-mss 1360

You can also find the exact size for your connection using extended ping utility from your workstation as explained in following link .

For PIX and router( as vpn end devices) use following link




Please rate if it helps


This Discussion