12-28-2007 08:07 PM - edited 03-12-2019 05:55 PM
when we try to connect to the web interface we get this in the logs Dropping TCP packet from dmz:smswitch.internal/80 to outside:cox.home/50206, reason: MSS exceeded, MSS 1260, data 1430
12-28-2007 08:21 PM
Are you running 7.x? there seems to be workaround.. check this link.
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00804c8b9f.shtml
Rgds
Jorge
12-28-2007 08:28 PM
Running 8.03 and tried that no joy.
12-29-2007 08:05 AM
Running 8.03
12-29-2007 10:10 AM
Robert, did you follow the example in the link using service-policy to activate the policy map created and apply it on outside interface? and using the keyword exceed-mss allow ?
I did some other search and found this is the only way to make this work even on version 8.0 as this is only done through policy framework class-map etc..
also on your original post you indicated this only happens on only a particular weblink , lookin at the log cox.home ? do you know the actual link dns name?
12-29-2007 11:32 AM
try this script and add it to your global policy, replace server_ip with the destination dmz host ip address.
access-list http-list permit tcp any host server_ip eq 80
class-map http
match access-list http-list
tcp-map tmap
exceed-mss allow
policy-map global_policy
class http
set connection advanced-options tmap
Rgds
Jorge
12-29-2007 04:09 PM
I did that previously and it didn't work. As for the DNS it is a switch and the switch does not have a dns entry. We access it by IP.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide