The TCP MSS value specifies the maximum amount of TCP data in a single IP datagram that the local system can accept (reassemble). The IP datagram can be fragmented into multiple packets when sent. Theoretically, this value can be as large as 65495, but such a large value is never used. Typically, an end system uses the "outgoing interface MTU" minus 40 as its reported MSS. For example, an Ethernet MSS value is 1460 (1500 - 40 = 1460).
As stated in the URL, some servers appear to dishonor the TCP MSS value reported by the client. They simply ignore it and send a packet with large TCP MSS, and the PIX implementation before release 7.0 allows such large TCP MSS packets.
From release 7.0, it is blocked by default.
The reason is that you might not want to allow these packets (with large TCP MSS value) to reach the client because of a potential buffer overrun on the client. The client might not be able to handle such big payloads and it can choke the performance in the client.
That's the reason this enhancement is made from release 7.0 onwards.
Check out this URL for some more insight into TCP MSS.
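The condition described in the post above can be checked offline against raw TCP segments. The following is an added example, not part of the original post and not Cisco's implementation: it reads the MSS option each side advertises in its SYN and flags any data segment whose payload exceeds the receiver's advertised value. The function names, the `client`/`server` labels, and the sample flow (a client advertising 1380) are constructed for illustration.

```python
import struct

DEFAULT_MSS = 536  # RFC 1122 default when a SYN carries no MSS option
SYN = 0x02

def parse_mss(tcp: bytes):
    """Return the MSS option value from a raw TCP header, or None if absent."""
    header_len = (tcp[12] >> 4) * 4
    opts, i = tcp[20:header_len], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:            # End of option list
            break
        if kind == 1:            # NOP is a single byte with no length field
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            break                # malformed option length, stop parsing
        if kind == 2 and opts[i + 1] == 4:
            return struct.unpack("!H", opts[i + 2:i + 4])[0]
        i += opts[i + 1]
    return None

def find_mss_violations(segments):
    """segments: iterable of (src, dst, raw_tcp). Returns oversized segments."""
    advertised, violations = {}, []
    for src, dst, tcp in segments:
        payload_len = len(tcp) - (tcp[12] >> 4) * 4
        if tcp[13] & SYN:        # SYN or SYN-ACK: record what this side accepts
            advertised[src] = parse_mss(tcp) or DEFAULT_MSS
        limit = advertised.get(dst)
        if limit is not None and payload_len > limit:
            violations.append((src, dst, payload_len, limit))
    return violations

def build_tcp(flags, options=b"", payload=b""):
    """Constructed test segment; ports and sequence numbers are arbitrary."""
    options += b"\x01" * (-len(options) % 4)   # pad options with NOPs
    offset = (20 + len(options)) // 4 << 4
    return struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, offset, flags, 65535, 0, 0) + options + payload

MSS_1380, MSS_1460 = (b"\x02\x04" + struct.pack("!H", v) for v in (1380, 1460))
SAMPLE = [  # constructed flow, not a capture from this thread
    ("client", "server", build_tcp(0x02, MSS_1380)),             # SYN
    ("server", "client", build_tcp(0x12, MSS_1460)),             # SYN-ACK
    ("client", "server", build_tcp(0x18, payload=b"G" * 200)),   # within limit
    ("server", "client", build_tcp(0x18, payload=b"D" * 1460)),  # ignores 1380
]
print(find_mss_violations(SAMPLE))
```

The last sample segment is the case the post describes: the server sends 1460 bytes of TCP data to a client that advertised 1380.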
I am currently unable to specify the "crypto keyring" command when configuring a VPN connection on my Cisco 2901 router.
The following licenses have been activated on my router: