ACE 4710: Config Allows all traffic except large HTTP downloads

Unanswered Question
Mar 17th, 2010
User Badges:

Hi Folks,

Got an ACE 4710 with a basic config that seems to work for all traffic except large downloads.

I've attached the current config

As I mentioned I can do normal HTTP to a standard destination like google or SSH through the ACE or ICMP

If i try to get a large file from the server side of ACE, then a trace shows that the first and subsequent 1460Byte packets dont go through ACE

I've thought of parse lengths, but i cannot see any that seem to affect the generic L4 maps that I am trying to use



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Pablo Thu, 03/25/2010 - 22:12
User Badges:
  • Cisco Employee,


Have you checked if the host that you're testing with is using a Windows Scale Option? You can confirm this taking a capture on the client side?

Can you get the output of show stats http ? What kind of error are you getting when the download gets cut off?



Cisco TAC

Peter Koltl Fri, 03/26/2010 - 13:56
User Badges:
  • Silver, 250 points or more
  • Community Spotlight Award,

    Member's Choice, March 2016

I've seen a similar fault. I suppose a lower MSS was sent in the TCP SYN handshake packets (1300 or 1380?) and the packets exceeding that value were dropped by the ACE. This is the default behavior which can be switched to a less strict mode by either

exceed-mss allow


no normalization


In our case, a linux web server was whose replies wouldn't keep to the MSS limit.


This Discussion

Related Content