Cisco Support Community

New Member

MSS Exceeded on ASA 8.0

Hi guys,

I'm seeing something strange in my ASA log:

Dropping TCP packet from dmz:10.x.x.x/23 to inside:10.x.x.x/45762, reason: MSS exceeded, MSS 536, data 556

536?? Am I reading this right?

When I do sh run sysopt:

no sysopt connection timewait

sysopt connection tcpmss 1380

sysopt connection tcpmss minimum 0

no sysopt nodnsalias inbound

no sysopt nodnsalias outbound

no sysopt radius ignore-secret

sysopt connection permit-vpn

no sysopt connection reclassify-vpn

Why are these packets being dropped?


Re: MSS Exceeded on ASA 8.0

It means your host is sending more data than it initially negotiated that it could. Usually a badly written application does this. It can be allowed by doing a tcp map for that flow and allowing exceed mss.
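
The tcp-map approach described in the reply above, as an added configuration sketch that is not part of the original thread. The object names (MSS-EXCEED-ACL, MSS-EXCEED-MAP, MSS-EXCEED-CLASS) are hypothetical, the two addresses are placeholders because the thread masks them, and `global_policy` is assumed to be the policy-map already applied globally on this ASA. The ACL is scoped to the single telnet flow so the normalizer check stays in force for all other traffic.

```cisco
! Added example, not from the original posts. Replace the placeholders.
! Match only the telnet session from the inside router to the DMZ switch.
access-list MSS-EXCEED-ACL extended permit tcp host <inside-router-ip> host <dmz-switch-ip> eq telnet
!
! TCP map that lets segments larger than the advertised MSS pass.
tcp-map MSS-EXCEED-MAP
 exceed-mss allow
!
! Class that selects the flow defined by the ACL above.
class-map MSS-EXCEED-CLASS
 match access-list MSS-EXCEED-ACL
!
! Attach the TCP map to that class inside the global policy (assumed name).
policy-map global_policy
 class MSS-EXCEED-CLASS
  set connection advanced-options MSS-EXCEED-MAP
!
! Needed only if no global service policy is applied yet.
service-policy global_policy global
!
! Checks after applying:
!   show running-config tcp-map
!   show service-policy
```

After a new telnet session is opened, the "MSS exceeded" drop for that flow should no longer appear in the log, while the check still applies to every flow the ACL does not match.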

New Member

Re: MSS Exceeded on ASA 8.0

It's curious, the packets dropped are from a telnet session between a Cisco router inside and a Cisco switch in dmz...

Re: MSS Exceeded on ASA 8.0

That is strange. Have you tried it from a Windows PC with telnet to that device in the dmz instead?