IP inspect fragment max command and its effect on SSL Anyconnect

Answered Question
Mar 29th, 2010

I have a customer with a Cisco 3825 functioning as a firewall and "IP inspect fragment max on 256 timeout 1" is configured on the inbound. 

Can or will this command have any adverse effects on Cisco SSL AnyConnect client communications?

Correct Answer by Jennifer Halim about 6 years 10 months ago

Don't believe that the inspection for fragments will particularly affect AnyConnect traffic. It will be inspecting for a maximum of 256 fragments before it starts to reassemble the packet for inspection. It will have an effect on all traffic through the router, but not specifically on AnyConnect traffic.

Hope that helps.

Overall Rating: 5 (1 ratings)
Jennifer Halim Mon, 03/29/2010 - 22:54
