Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA5510 blocks iPhone

Hello, hopefully somebody can help me with this problem.

I have wireless routers connected to the DMZ. Internet access through the wireless routers are fine from laptops. However, when we try to access or browse the Internet from the iPhone, ASA drops the connection and shows this particular error:

Bad TCP hdr length (hdrlen=32, pktlen=58) from xxx.xxx.xxx.xxx/80 to xxx.xxx.xxx.xxx/1152, flags: ACK , on interface Untrust

Any ideas on how to fix this?

1 REPLY

Re: ASA5510 blocks iPhone

It might be related to the fragmentation of the packets. The packet which has bad TCP header length was sent from web server to iPhone.

You can do a packet sniffer to see what MSS is negotiated when using laptop and iPhone to access webserver respectively.

If they are the same, it must be something else. I would suggest you to open a TAC case to investigate it.

240
Views
0
Helpful
1
Replies