Cisco Support Community

tcp-mss mismatch .. would this cause this problem

So, I have a PC that is trying to https to an outside IP address. I can telnet to the IP in question on port 443 but my browser can't connect via https. This is the traffic capture from my FW.

sh cap capin

8 packets captured

1: 09:45:16.617949 10.x.x.x.1110 > 208.66.255.236.443: S 3587362937:3587362937(0) win 64240 <mss 1460,nop,nop,sackOK>

2: 09:45:16.633817 208.66.255.236.443 > 10.x.x.x.1110: S 2655106766:2655106766(0) ack 3587362938 win 5840 <mss 1300>

3: 09:45:16.634564 10.x.x.x.1110 > 208.66.255.236.443: . ack 2655106767 win 64240

4: 09:45:16.636197 10.x.x.x.1110 > 208.66.255.236.443: R 3587362938:3587362938(0) win 0

5: 09:46:39.512531 10.x.x.x.1112 > 208.66.255.236.443: S 32691742:32691742(0) win 64240 <mss 1460,nop,nop,sackOK>

6: 09:46:39.555833 208.66.255.236.443 > 10.x.x.x.1112: S 3794255628:3794255628(0) ack 32691743 win 5840 <mss 1300>

7: 09:46:39.556154 10.x.x.x.1112 > 208.66.255.236.443: . ack 3794255629 win 64240

8: 09:46:39.557725 10.x.x.x.1112 > 208.66.255.236.443: R 32691743:32691743(0) win 0

Please let me know if I should adjust something on my side.

Thanks

1 REPLY

Re: tcp-mss mismatch .. would this cause this problem

Sounds like an MTU issue. Somewhere the data hits a smaller MTU and is fragmented (and encrypted stuff (and most/all routing protocols) don't tolerate fragmentation).

Good Luck

Scott
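
Added example, not part of the original thread: a Python sketch that parses the eight capture lines from the question and reports, per connection, the MSS advertised in the SYN and SYN-ACK, the payload bytes seen, and which side's address sent the reset and how many microseconds after the handshake completed. The function name `summarize` and the result keys are this example's own, and the line format is assumed to be the tcpdump-style one shown in the question.

```python
import re
from datetime import datetime, timedelta

# The eight capture lines from the question, unchanged (addresses masked by the poster).
CAPTURE = """\
1: 09:45:16.617949 10.x.x.x.1110 > 208.66.255.236.443: S 3587362937:3587362937(0) win 64240 <mss 1460,nop,nop,sackOK>
2: 09:45:16.633817 208.66.255.236.443 > 10.x.x.x.1110: S 2655106766:2655106766(0) ack 3587362938 win 5840 <mss 1300>
3: 09:45:16.634564 10.x.x.x.1110 > 208.66.255.236.443: . ack 2655106767 win 64240
4: 09:45:16.636197 10.x.x.x.1110 > 208.66.255.236.443: R 3587362938:3587362938(0) win 0
5: 09:46:39.512531 10.x.x.x.1112 > 208.66.255.236.443: S 32691742:32691742(0) win 64240 <mss 1460,nop,nop,sackOK>
6: 09:46:39.555833 208.66.255.236.443 > 10.x.x.x.1112: S 3794255628:3794255628(0) ack 32691743 win 5840 <mss 1300>
7: 09:46:39.556154 10.x.x.x.1112 > 208.66.255.236.443: . ack 3794255629 win 64240
8: 09:46:39.557725 10.x.x.x.1112 > 208.66.255.236.443: R 32691743:32691743(0) win 0
"""

LINE = re.compile(r"\s*\d+:\s+(\S+)\s+(\S+)\s+>\s+(\S+):\s+(\S+)\s*(.*)")  # time src > dst: flags rest
MSS = re.compile(r"\bmss (\d+)")
SEGLEN = re.compile(r"\d+:\d+\((\d+)\)")  # seq:seq(payload length)

def summarize(capture):
    # Returns one dict per TCP connection, in order of first appearance.
    flows = {}
    for raw in capture.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts, src, dst, flags, rest = m.groups()
        t = datetime.strptime(ts, "%H:%M:%S.%f")
        f = flows.setdefault(frozenset((src, dst)), {
            "client": None, "syn_mss": None, "synack_mss": None,
            "payload_bytes": 0, "established": None,
            "rst_from": None, "rst_after_us": None})
        seg = SEGLEN.search(rest)
        f["payload_bytes"] += int(seg.group(1)) if seg else 0
        mss = MSS.search(rest)
        if "S" in flags and " ack " not in rest:   # bare SYN: sender is the client
            f["client"] = src
            f["syn_mss"] = int(mss.group(1)) if mss else None
        elif "S" in flags:                          # SYN-ACK from the server
            f["synack_mss"] = int(mss.group(1)) if mss else None
        elif "R" in flags:
            f["rst_from"] = "client" if src == f["client"] else "server"
            if f["established"]:
                f["rst_after_us"] = (t - f["established"]) // timedelta(microseconds=1)
        elif src == f["client"] and f["established"] is None:
            f["established"] = t                    # client's ACK completes the handshake
    return [{k: v for k, v in f.items() if k != "established"} for f in flows.values()]

if __name__ == "__main__":
    print(*summarize(CAPTURE), sep="\n")
```

On the posted capture, both connections carry 0 payload bytes, and the reset arrives from the PC's address less than 2 ms after the handshake completes.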
