cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
352
Views
0
Helpful
1
Replies

ASA adjust mss for dsl

davidbuit
Level 1
Level 1

I have a site to site VPN over a DSL. My DSL line terminates on an 877 router on the one end and a pix 506 on the other end. I have a site-to-site VPN from an ASA on the other side of the 877 and the 506. I have having problems running certain application across this VPN and I believe it is related to the MTU permitted over DSL. I know on the 877 you can use the ip tcp adjust mss to change the MTU to the required size, but I have done this and it doesn't appear to have helped. Is it possible to adjust the MTU on the ASA or on the site-to-site VPN config to get this to work?

Thanks for your assistance

1 Reply 1

lgijssel
Level 9
Level 9

The security appliance supports IP path MTU discovery (as defined in RFC 1191), which allows a host to dynamically discover and cope with the differences in the maximum allowable MTU size of the various links along the path. Sometimes, the security appliance cannot forward a datagram because the packet is larger than the MTU that you set for the interface, but the "don't fragment" (DF) bit is set. The network software sends a message to the sending host, alerting it to the problem. The host has to fragment packets for the destination so that they fit the smallest packet size of all the links along the path.

The default MTU is 1500 bytes in a block for Ethernet interfaces (which is also the maximum). This value is sufficient for most applications, but you can pick a lower number if network conditions require it.

http://www.cisco.com/en/US/products/ps6120/products_command_reference_chapter09186a008063f573.html#wp1771252

Regards,

Leo

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco