Core issue
This %PIX|ASA-4-419001: Dropping TCP packet from src_ifc:src_IP/src_port to dest_ifc:dest_IP/dest_port, reason: MSS exceeded, MSS size, data size error message is generated when the length of the TCP packet exceeds the Maximum Segment Size (MSS) advertised in the three-way handshake.
Resolution
To resolve this issue, allow TCP packets to exceed the MSS. Use this configuration as an example of how to allow TCP packets that exceed the MSS:
# access-list (http-list)permit ip any any
# class-map (http)
# match access-list (http-list)
# tcp-map (tmap)
# exceed-mss allow
# policy-map (global_policy)
# class (http)
# set connection advanced-options (tmap)
# service-policy (global-policy)
For more information on this error message, refer to Cisco Security Appliance System Log Messages, Version 7.0.
For more information on how to adjust the TCP MSS and the IP Maximum Transmission Unit (MTU), refer to Adjusting IP MTU, TCP MSS.