Cisco Support Community

New Member

ASA 5540 V7.1(2) MSS Exceeded and Pinhole Timeout

Hi,

On the ASA firewall mentioned above, I was getting a "MSS Exceeded, MSS 1380,data 1381" error whenever data was sent from 10.5.1.36 (behind the HTTP_SERVERS interface) to 10.20.1.36 on interface HTTP_SERVERS.

The following configuration was done on the ASA to avoid this error:

access-list TEST permit tcp host 10.5.1.36 host 10.20.1.36

class-map HTTP_CLASS
 match access-list TEST

tcp-map HTTP_TCP_MAP
 exceed-mss allow

policy-map HTTP_POLICY_MAP
 class HTTP_CLASS
  set connection advanced-options HTTP_TCP_MAP

service-policy HTTP_POLICY_MAP interface HTTP_SERVERS

After applying this configuration, the MSS exceeded error has disappeared, but a new PINHOLE TIMEOUT error is being generated, as shown below:

302014: Teardown TCP connection 37774122 for HTTP_SERVERS:10.5.1.36/57189 to CBS:10.20.1.36/0 duration 0:02:01 bytes 0 Pinhole timeout

1 REPLY
Cisco Employee

Re: ASA 5540 V7.1(2) MSS Exceeded and Pinhole Timeout

Hello,

Is this valid traffic? I can see that the destination port in the log is 0. Would you consider this valid traffic?

Thanks!

Mike
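Added example, not part of the original thread and not Cisco code: a small Python parser for the 302014 teardown message quoted in the question. It flags the properties the reply asks about (port 0 endpoint, zero bytes, "Pinhole timeout" reason). The field layout is assumed from the single log line in the post; the second sample line and all function names are constructed for illustration.

```python
import re
from datetime import timedelta
# Field layout assumed from the 302014 line quoted in the post above.
TEARDOWN_RE = re.compile(
    r"302014: Teardown TCP connection (?P<conn_id>\d+) "
    r"for (?P<src_if>[^:\s]+):(?P<src_ip>[\d.]+)/(?P<src_port>\d+) "
    r"to (?P<dst_if>[^:\s]+):(?P<dst_ip>[\d.]+)/(?P<dst_port>\d+) "
    r"duration (?P<h>\d+):(?P<m>\d{2}):(?P<s>\d{2}) "
    r"bytes (?P<bytes>\d+)(?: (?P<reason>.+?))?\s*$"
)

def parse_teardown(line):
    """Return a dict of fields for a 302014 message, or None if the line does not match."""
    m = TEARDOWN_RE.search(line)
    if not m:
        return None
    g = m.groupdict()
    return {
        "conn_id": int(g["conn_id"]),
        "src": (g["src_if"], g["src_ip"], int(g["src_port"])),
        "dst": (g["dst_if"], g["dst_ip"], int(g["dst_port"])),
        "duration": timedelta(hours=int(g["h"]), minutes=int(g["m"]), seconds=int(g["s"])),
        "bytes": int(g["bytes"]),
        "reason": g["reason"] or "",
    }

def triage(rec):
    """Collect the properties of a teardown record that merit a closer look."""
    notes = []
    if 0 in (rec["src"][2], rec["dst"][2]):
        notes.append("port 0 endpoint")
    if rec["bytes"] == 0:
        notes.append("no payload transferred")
    if rec["reason"].lower() == "pinhole timeout":
        notes.append("pinhole timeout")
    return notes

# First line is the one quoted in the post; the second is constructed for contrast.
SAMPLE = [
    "302014: Teardown TCP connection 37774122 for HTTP_SERVERS:10.5.1.36/57189 to CBS:10.20.1.36/0 duration 0:02:01 bytes 0 Pinhole timeout",
    "302014: Teardown TCP connection 37774200 for HTTP_SERVERS:10.5.1.36/57201 to CBS:10.20.1.36/80 duration 0:00:04 bytes 5120 TCP FINs",
]

def scan(lines):
    """Map connection id -> triage notes for every line that parses."""
    return {r["conn_id"]: triage(r) for r in map(parse_teardown, lines) if r}

if __name__ == "__main__":
    print(scan(SAMPLE))
```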
