ASA5505 8.2(3) has trouble browsing websites - PMTU-D errors
This one has been puzzling me a bit.
We have been having a continuous MTU issue with surfing certain websites. Our MTU is set to 1454 on a PPPoE connection (which works with a laptop directly connected), and when I try to browse certain websites (like www.cisco.com) I get the following errors in the syslog:
PMTU-D packet 1420 bytes greater than effective mtu 1050, dest_addr=[WANIP], src_addr=[Random website], prot=tcp
PMTU-D packet 1300 bytes greater than effective mtu 1050....
I know that PMTU relies on ICMP which I have allowed and I have also made sure that the default inspection has ICMP and ICMP Error ticked in ASDM.
I know a lot of people have these issues with site-to-site VPNs (my site-to-site VPNs are fine; it's just external website browsing).
I am at a bit of a loss and any help would really be appreciated.
Cisco also has an article about this but with my version of ASA "exceed-mss allow" seems to be a default setting.