Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

Dropping TCP packet reason: MSS exceeded, MSS 536, 1072 data

Good everyone, I am new to this forum and technology cisco, I have the following environment:

I have an ASA 5510 7.2 (3) that has a connection to the internet through the outside, the other 3 interfaces are connected to a switch 3560g of 48 ports, is the inside, other servers and other metrointer, this I connected a 10.2 suse linux server with 64-bit with two cards to 1000, a card to metrointer and other servers, the outside has a security level of 0, metrointer 20 and 50 servers.

Prior had a 10.0 suse linux server on a computer and the cards were 100 full duplex, the switch to this new server mentioned above. The 64-bit server is Postfix and serves as a gateway to a mail server with 2007 exchange this in my vlan servers.

We have a business partner who is a bank that also has a ASA and has a high-speed link (1mbits), the point is that when sending emails to this partner mails fail, I get this error.

4 Mar 03 2008 12:53:38 419001 x.x.x.x Dropping TCP packet from metrointer: to Outside: x.x.x.x/25, reason: MSS exceeded, MSS 536, 1072 data

Only with this partner gives me this error, add an exception in the ASA to avoid review the MSS but I am not working, my ASA what this vote, what is not is whether my linux are sending the biggest MSS that is managed initially or my partner, they say that the problems we have, the card is in my linux autoneg on a 1000 1000 full duplex, but that was not done, any orientation to solve this problem.

Adding file with the configuration of my ASA


Cisco Employee

Re: Dropping TCP packet reason: MSS exceeded, MSS 536, 1072 data


Following commands were issued to the pix so that exceed MSS packets were allowed through

pix :

pixfirewall(config)#class-map http-map1

pixfirewall(config-cmap)#match any


pixfirewall(config)#tcp-map mss-map

pixfirewall(config-tcp-map)#exceed-mss allow

pixfirewall(config)#policy-map global_policy

pixfirewall(config-pmap)#class http-map1

pixfirewall(config-pmap-c)#set connection advanced-options mss-map




New Member

Re: Dropping TCP packet reason: MSS exceeded, MSS 536, 1072 data

I exception, but I have the same problem, it is curious that no longer leaves me in the log.

Now the problem is on the other side?.


CreatePlease to create content