TCP MSS Adjustment

Unanswered Question
Jan 6th, 2009

Hi, I have a Cisco 1720, with IOS Version 12.2(8)TPC10a.


I have configured an FTP server with static NAT in this router, but we have problems opening sessions.


Do you know if this is related to IOS? Someone told me I have to configure TCP MSS Adjustment on the LAN interface, but the documentation says that NAT doesn't have to be configured.


Do you think this is necessary?

Richard Burts Tue, 01/06/2009 - 15:13

William


I do not see anything in the information that you have given us that would indicate that you need to adjust MSS. On the other hand you have not told us much about your situation. What kind of outbound connection is the router using? Are you configuring any kind of tunneling (GRE or IPSec or anything like that)?


My first guess would be that there is some issue about the configuration of NAT. Could you post the router config so that we can see what is going on?


And it would be easy to configure the TCP adjust MSS and see if it helps. It would not hurt anything and it is possible that it would help.


HTH


Rick

william.tituana Tue, 01/06/2009 - 15:29

Hi Rick, thank you for your reply.


I don't have tunneling configured. I have a frame relay link between an external router (in network 192.168.10.X) and the Cisco 1720; this one is connecting to network 10.1.1.0 through a firewall with an IP of 192.168.4.5.


The FTP server is in network 10.1.1.X (the FTP server is 10.1.1.138).


The configuration is as follows:


ROUTER_1720#sh run
Building configuration...

Current configuration : 1617 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname ROUTER_1720
!
memory-size iomem 25
ip subnet-zero
!
ip audit notify log
ip audit po max-events 100
!
!
!
interface FastEthernet0
 ip address 192.168.4.6 255.255.255.252
 ip nat inside
 speed auto
!
interface Serial0
 no ip address
 encapsulation frame-relay
 no fair-queue
 frame-relay traffic-shaping
 frame-relay lmi-type ansi
!
interface Serial0.1 point-to-point
 description CANAL_A
 ip address 192.168.35.26 255.255.255.252
 ip nat outside
 frame-relay interface-dlci 496
  class 256K
!
!
ip nat inside source static 10.1.1.138 192.168.116.179
ip classless
ip route 10.1.1.0 255.255.255.0 192.168.4.5
ip route 192.168.10.0 255.255.255.0 192.168.35.25
no ip http server
!
!
!
map-class frame-relay 256K
 no frame-relay adaptive-shaping
 frame-relay cir 256000
 frame-relay bc 256000
 frame-relay be 0
 frame-relay mincir 256000
!

!
line con 0
 login
line aux 0
line vty 0 4
 login
!
no scheduler allocate
end

ROUTER_1720#


Richard Burts Tue, 01/06/2009 - 20:01

William


Thanks for posting the router config. There are a couple of things about it that I would like to ask about:

- Perhaps you could explain the topology. Your comments indicate that the connection through FastEthernet0 is through a firewall. And apparently the inside network is through the firewall? And the Frame Relay interface leads to the outside? So who is attempting to access the FTP server? What interface does that traffic arrive on?

- I am surprised that there is no dynamic routing protocol and only 2 static routes. There is a route to 10.0.0.0 through the inside and a route to 192.168.10.0 through the outside. And there are no other routes.

- Which leads to one of the problems. You are translating the address of the FTP server into 192.168.116.179 but there is no routing information about how to get to 192.168.116. So this would be the first problem about why you cannot access the FTP server.


HTH


Rick
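
Added example, not part of the thread or of any poster's reply: a short Python audit that reads the address, route and static NAT lines from the configuration posted above and reports which connected or static routes cover each side of the translation. The function names are hypothetical, and only the plain `ip nat inside source static <local> <global>` form is handled; what the neighbouring routers know about 192.168.116.179 is not on the page and is not checked.

```python
import ipaddress
import re

# Lines copied from the configuration posted in this thread.
CONFIG = """\
interface FastEthernet0
 ip address 192.168.4.6 255.255.255.252
interface Serial0
 no ip address
interface Serial0.1 point-to-point
 ip address 192.168.35.26 255.255.255.252
ip nat inside source static 10.1.1.138 192.168.116.179
ip route 10.1.1.0 255.255.255.0 192.168.4.5
ip route 192.168.10.0 255.255.255.0 192.168.35.25
"""

QUAD = r"(\d+\.\d+\.\d+\.\d+)"
NAT_RE = re.compile(rf"^ip nat inside source static {QUAD} {QUAD}\s*$", re.M)

def known_networks(config):
    """Return (network, origin) pairs for connected and static routes."""
    nets = []
    for line in config.splitlines():
        w = line.split()
        if w[:2] == ["ip", "address"] and len(w) >= 4:
            iface = ipaddress.ip_interface(f"{w[2]}/{w[3]}")
            nets.append((iface.network, "connected"))
        elif w[:2] == ["ip", "route"] and len(w) >= 5:
            net = ipaddress.ip_network(f"{w[2]}/{w[3]}")
            nets.append((net, f"static via {w[4]}"))
    return nets

def audit_static_nat(config):
    """For each static NAT entry, list the routes covering each address."""
    nets = known_networks(config)
    report = []
    for local, glob in NAT_RE.findall(config):
        l, g = ipaddress.ip_address(local), ipaddress.ip_address(glob)
        report.append({
            "local": local,
            "global": glob,
            "local_routes": [(str(n), o) for n, o in nets if l in n],
            "global_routes": [(str(n), o) for n, o in nets if g in n],
        })
    return report

if __name__ == "__main__":
    for entry in audit_static_nat(CONFIG):
        print(entry)
```
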

william.tituana Wed, 01/07/2009 - 07:27

Hi Rick, sorry for my simple description. I'm attaching a diagram; I hope it helps you to understand the topology. It's a very simple topology. There is no routing protocol because it's basically a point-to-point connection.


Router B in the diagram is the firewall I described before, but this firewall, in this case, is just routing network 10.1.1.x and network 192.168.4.x.


A host in network 192.168.10.x is able to ping the NATed server 192.168.116.179 (whose real address is 10.1.1.138), but when it tries to open an FTP connection, just the "welcome screen" appears and it doesn't permit entering the user and password.


Some people told me that it's because I have to configure the TCP adjust MSS, but I think it's a problem with the FTP server.


So, do you think I have to configure the TCP adjust MSS?



Attachment: 
william.tituana Fri, 01/09/2009 - 09:36

Thanks a lot for your interest Rick. I have resolved the problem.

It's not necessary to modify the size of packets with TCP MSS ADJUST.


The problem was in the FTP server and some security rules.


Thank you

Richard Burts Fri, 01/09/2009 - 09:59

William


Thank you for posting back indicating that you have resolved the problem and what the problem was. It makes the forum more useful when people can read about a problem and can read what the problem was.


HTH


Rick
