I am getting the MSS Exceeded errors in my syslog for a host on my inside network. I have found and attempted to implement the documented solution but to no avail. The error is reporting:
"Dropping TCP packet from inside: 10.0.0.1/3001 to outside: 10.209.209.209/1086, reason: MSS exceeded, MSS 1380, data 1400"
I have created the map & policy per the instructions found in another document:
# access-list (http-list) permit ip any any
# class-map (http)
# match access-list (http-list)
# tcp-map (tmap)
# exceed-mss allow
# policy-map (global_policy)
# class (http)
# set connection advanced-options (tmap)
# service-policy (global-policy)
(Here I get an "ERROR: % Incomplete command")
Is the access-list (http-list) supposed to be applied to an interface?
I am not really sure how this is supposed to resolve the issue and I am still getting the error in the syslog.
Any help would be greatly appreciated.
This should help you:
Thank you for the URL. I did look at this originally. The timing for your post was immaculate because I discovered and resolved the issue the minute I received your notification.
The above TCP map did resolve the issue. The client was continuing to broadcast the MSS packet in question (probably because it was a TCP packet without an ACK). After a reset to the client's net connection, the error stopped.
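An added example, not part of the original posts: Python that parses the drop message quoted in the question, groups the drops by host pair, and builds ACL entries limited to those pairs, so the class that gets `exceed-mss allow` does not have to match `ip any any`. The function names and the second and third sample lines are constructed for illustration; the ACL name `http-list` is the placeholder name used in the thread.

```python
import re
from collections import defaultdict

# Matches the drop message quoted in the thread; tolerates an optional
# space after the interface name ("inside: 10.0.0.1" or "inside:10.0.0.1").
DROP_RE = re.compile(
    r"Dropping TCP packet from (?P<src_if>\S+?):\s*(?P<src>[\d.]+)/(?P<sport>\d+)"
    r" to (?P<dst_if>\S+?):\s*(?P<dst>[\d.]+)/(?P<dport>\d+),"
    r" reason: MSS exceeded, MSS (?P<mss>\d+), data (?P<data>\d+)"
)

# First line is the message from the question; the other two are constructed.
SAMPLE = [
    "Dropping TCP packet from inside: 10.0.0.1/3001 to outside: "
    "10.209.209.209/1086, reason: MSS exceeded, MSS 1380, data 1400",
    "Dropping TCP packet from inside:10.0.0.1/3001 to outside:"
    "10.209.209.209/1086, reason: MSS exceeded, MSS 1380, data 1460",
    "some unrelated syslog line that must be ignored",
]


def summarize_mss_drops(lines):
    """Group MSS-exceeded drops by (source, destination) host pair."""
    flows = defaultdict(lambda: {"count": 0, "mss": 0, "max_data": 0})
    for line in lines:
        m = DROP_RE.search(line)
        if not m:
            continue  # not an MSS-exceeded drop
        flow = flows[(m["src"], m["dst"])]
        flow["count"] += 1
        flow["mss"] = int(m["mss"])  # MSS the firewall enforced
        flow["max_data"] = max(flow["max_data"], int(m["data"]))
    return dict(flows)


def scoped_acl(flows, acl_name="http-list"):
    """ACL entries for affected host pairs only, instead of 'permit ip any any'."""
    return [
        f"access-list {acl_name} permit tcp host {src} host {dst}"
        for (src, dst) in sorted(flows)
    ]


if __name__ == "__main__":
    found = summarize_mss_drops(SAMPLE)
    for (src, dst), f in found.items():
        over = f["max_data"] - f["mss"]
        print(f"{src} -> {dst}: {f['count']} drops, up to {over} bytes over MSS {f['mss']}")
    print("\n".join(scoped_acl(found)))
```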