ASA5510 blocks iPhone

Unanswered Question
Oct 8th, 2009
User Badges:

Hello, hopefully somebody can help me with this problem.


I have wireless routers connected to the DMZ. Internet access through the wireless routers are fine from laptops. However, when we try to access or browse the Internet from the iPhone, ASA drops the connection and shows this particular error:


Bad TCP hdr length (hdrlen=32, pktlen=58) from xxx.xxx.xxx.xxx/80 to xxx.xxx.xxx.xxx/1152, flags: ACK , on interface Untrust


Any ideas on how to fix this?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Yudong Wu Thu, 10/08/2009 - 12:23
User Badges:
  • Gold, 750 points or more

It might be related to the fragmentation of the packets. The packet which has bad TCP header length was sent from web server to iPhone.

You can do a packet sniffer to see what MSS is negotiated when using laptop and iPhone to access webserver respectively.


If they are the same, it must be something else. I would suggest you to open a TAC case to investigate it.

Actions

This Discussion