I've got a strange problem. I can establish a tunnel between a PIX 515e (8.0.3) and an ASA 5510 device (7.0.6). Ping works; HTTP, for example, throws MSS Exceed on the ASA. The PIX and ASA are configured to allow mss-exceed via service policy. The data size is always about 1443 bytes. The sysopt tcpmss value is set to 1380, which should be enough for payload and IPsec header. The error message says MSS Exceed MSS 1260 Data bytes 1443 ... ??? What the hell can I do to reduce the payload? Changing the MTU size doesn't help.
I discovered that the problem appears if I upgrade to an ASA/PIX OS later than 7.0.6, because I have a second L2L tunnel to a Checkpoint device, and if I upgrade the ASA, this tunnel doesn't work for large packets.