Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

asa 5505 dsl / mtu based ssl problem

Hi everyone,

We moved our office to a different location (including our dsl conncetion). We also updated our asa from 8.0.3 to 8.0.4.

Since then, I'm having trouble opening the webportal from customers having a dedicated line.

I'm getting the certificate, can confirm it but the page won't load. When setting down the MTU size on the client everything works fine. Using a DSL or UMTS Line also works like a charm.

î've set:

mtu inside 1500

mtu outside 1492

sysopt connection tcpmss 1452

crypto ipsec df-bit clear-df inside

crypto ipsec df-bit clear-df outside

i also attached an packet trace showing tcp checksum errors while loading the page.

Anybody has an idea?

1 REPLY

Re: asa 5505 dsl / mtu based ssl problem

Julian,

You are contributing to the issue with "sysopt connection tcpmss 1452"

Change it back to the default "1380" or lower - I suggest lower I use "1300"

And the commands

crypto ipsec df-bit clear-df inside

crypto ipsec df-bit clear-df outside

AFAIK they do not apply to the SSL connections

816
Views
5
Helpful
1
Replies