Cisco Support Community

IP inspect fragment max command and its effect on SSL Anyconnect

I have a customer with a Cisco 3825 functioning as a firewall and "IP inspect fragment max on 256 timeout 1" is configured on the inbound. 

Can or will this command have any adverse effects on Cisco SSL Anyconnect client communications?

Accepted Solutions

Re: IP inspect fragment max command and its effect on SSL Anycon

Don't believe that the inspection for fragments will particularly affect AnyConnect traffic. It will be inspecting for a maximum of 256 fragments before it starts to reassemble the packet for inspection. It will have an effect on all traffic through the router, but not specifically on AnyConnect traffic.

Hope that helps.
