Mss size decreases after packet enters outside router from firewall

Answered Question
Jul 19th, 2011
User Badges:

Hello,  I have been googling for a lead on our current problem with no luck so far.

We have a particular application that is sending packets out our firewall to our OSSR CISCO 6509.

When the packets enter the 6509 they are fully formed with an MSS size of 1460 and have the SYN, ACK etc...

When they exit the 6509 the MSS, TSER, TSV and some other packets are completly gone.

We used monitoring sessions to find and collect the data.

I believe the issue resides at layer 3 but can't prove it right now.

How can one configure a 6509 to drop or severly reduce the size of the various portions of the packet?

Can a 6509 arbitrarily begin packet shapping based on something it detects within the packte?

No other traffic traversing this device is having this problem.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Eric R. Jones Wed, 07/20/2011 - 16:16
User Badges:

ok I think I need to clearify.

The packet header is being changed.

There are the normal options in the header when it enters the device but none when it exits.

This happens to all packets from the source application but only that application.

Is it possible that the 6509 is seeing a flag on the header and reacting to that by reducing/eliminating items in the header?


Eric R. Jones Wed, 10/19/2011 - 16:12
User Badges:

The fix was to down grade the OS from MS 2007 to MS 2003 on the server.



This Discussion