Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

How to configure ASA 5500 to establish a Citrix connection to a Unix host

Core issue

Unable to configure ASA 5500 tp establish a Citrix connection to a unix host


To resolve this issue, perform these steps:

  1. Make sure the policy map command has been issued.

  2. Check for the %ASA-6-602101: PMTU-D packet 1420 bytes greater than effective mtu 1350, dest_addr=, src_addr=, prot=TCP %ASA-2-106017: Deny IP due to Land Attack from to error in the log.

  3. Change the tcpmss size  to a value that is permissible according to the log. Set it to 1300, as shown in this example:

    ASA5510#conf t

    ASA5510(config)# mtu outside 1500

    ASA5510(config)# sysopt connection tcpmss 1300


For more information, refer to the cysopt connection tcpmss command.

Version history
Revision #:
1 of 1
Last update:
‎06-22-2009 04:11 PM
Updated by:
Labels (1)