Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Using ASDM to solve MSS issue

I have a problem with accessing a couple of websites on our network. I have identified it to be due to the fact the servers are sendning packets that exceed the MSS advertisied by client.

I recall that this is an issue which started in PIX version 7.

I also recall someone telling me that a "tick box" was added to ASDM to allow the firewall to pass packets that exceed the MSS - and that a "simple" command can be issued to allow this action to commence.

I cannot find the "tick" box in ASDM nor can find the refernce to the command.

Can someone point me in the right direction!

ASDM version 5.2 (2)

Pix version 7.2(2)

ASA 5510

3 REPLIES

Re: Using ASDM to solve MSS issue

Mark,

the command is:-

sysopt connection tcpmss # - the default is 1380

In the ASDM navigate to:-

Configuration > TCP Options - change the value for the "Force Maximum Segment Size for TCP proxy connection to be"

HTH.

New Member

Re: Using ASDM to solve MSS issue

Thank you - but the option is already ticked.

What I was trying to solve is the issue at:-

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00804c8b9f.shtml

What I has told is that there is now one setting which allows me to say, for an website, allow the MSS to be exceeded!

Re: Using ASDM to solve MSS issue

Firstly you have to know how much is the max data you can send thru your infra-structure, un-fragmented.

Try pinging the website you are trying to get to, first with a high packet size, reducing the packet size until you get a response.

ping x.x.x.x -l 1450 -f

ping x.x.x.x -l 1440 -f

ping x.x.x.x -l 1430 -f

and so on until you get a response. The number you find is what you should set the MSS to.

HTH.

3486
Views
0
Helpful
3
Replies