Cisco Support Community

MSS Exceed Error on ASA 5520 ver. 8.0.2

I am getting the MSS Exceeded errors in my syslog for a host on my inside network. I have found and attempted to implement the documented solution but to no avail. The error is reporting:

"Dropping TCP packet from inside: 10.0.0.1/3001 to outside: 10.209.209.209/1086, reason: MSS exceeded, MSS 1380, data 1400"

I have created the map & policy per the instructions found in another document:

# access-list (http-list) permit ip any any

# class-map (http)

# match access-list  (http-list)

# tcp-map (tmap)
# exceed-mss allow

# policy-map (global_policy)
# class (http)
# set connection advanced-options (tmap)

# service-policy (global-policy)

(Here I get an "ERROR: % Incomplete command")

Is the access-list (http-list) supposed to be applied to an interface?

I am not really sure how this is supposed to resolve the issue and I am still getting the error in the syslog.

Any help would be greatly appreciated.

Comments

Mike,

Thank you for the URL. I did look at this originally. The timing for your post was immaculate because I discovered and resolved the issue the minute I received your notification.

The above TCP map did resolve the issue. The client was continuing to broadcast the MSS packet in question (probably because it was a TCP packet without an ACK). After a reset to the client's net connection, the error stopped.

Thanks again.

J.T.
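
The configuration from the original post written out in ASA 8.0 syntax, as an added example that is not part of either poster's text: object names are typed without the parentheses, and `service-policy` takes the policy name followed by `global` or `interface <name>`, which is what the "Incomplete command" error is asking for. Scoping the access list to the two hosts in the syslog message instead of `permit ip any any` is an assumption made here so that the relaxed MSS check applies only to the affected flow.

```cisco
! Added example, not from the original thread.
! Names (http-list, http, tmap, global_policy) are the ones used in the post.
! Addresses are taken from the syslog message quoted in the post.

! Match only the affected TCP flow. Both directions are listed because
! either side may have opened the connection. Adjust the addresses if NAT
! changes what the ASA sees on the outside interface (assumption: no NAT).
access-list http-list extended permit tcp host 10.0.0.1 host 10.209.209.209
access-list http-list extended permit tcp host 10.209.209.209 host 10.0.0.1

! Traffic class built from that access list. The access list is used only
! for classification here; it is not applied to an interface.
class-map http
 match access-list http-list

! TCP normalizer setting: let segments larger than the negotiated MSS through
! instead of dropping them.
tcp-map tmap
 exceed-mss allow

! Attach the TCP map to the class inside the existing global policy.
policy-map global_policy
 class http
  set connection advanced-options tmap

! The policy name must be followed by "global" or "interface <name>".
! In the default configuration global_policy is already applied this way,
! so re-entering the line is harmless.
service-policy global_policy global
```

Connections that were already open when the policy changed keep their old handling, so the syslog message can continue until the affected session is re-established.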
