IP inspect fragment max command and its effect on SSL Anyconnect

Answered Question
Mar 29th, 2010

I have a customer with a Cisco 3825 functioning as a firewall and "IP inspect fragment max on 256 timeout 1" is configured on the inbound. 

Can or will this command have any adverse effects on Cisco SSL AnyConnect client communications?

Correct Answer by Jennifer Halim about 7 years 2 months ago

Don't believe that the inspection for fragments will particularly affect AnyConnect traffic. It will be inspecting for a maximum of 256 fragments before it starts to reassemble the packet for inspection. It will have an effect on all traffic through the router, but not specifically on AnyConnect traffic.


Hope that helps.

Overall Rating: 5 (1 ratings)
Correct Answer
Jennifer Halim Mon, 03/29/2010 - 22:54
User Badges: Cisco Employee
