


Cisco ASA 5510 MSS Issue

I have a Cisco ASA 5510 appliance at my corporate office and Cisco
1811's at our branch sites. I am troubleshooting some connectivity
issues with a new Exchange server on the network. Troubleshooting has
led me to think that the problem is a fragmentation issue on the
network. When I started looking at the router configs ( 1811 ) I
noticed that the previous network admin had set the default MSS size
to 1300, however no one could tell me why this had been done. I have
heard of this being done to resolve some web browsing errors, but I
have removed the setting and no one is complaining. Since removing the
MSS setting on the 1811's I can now send a test ping with the don't
fragment flag and a size of 1442 from all branch sites into the
corporate router. This is a substantial increase from before, when the
size was being limited to 1300 or less. However, going out from corp
the largest packet I can send is 1250. I have checked and rechecked
the ASA config file and can find no setting to lower the MSS or MTU
size.


Anyone have any thoughts ?

Thanks
2/18/2008 3:43:49 PM

On Feb 18, 4:43 pm, "dangent...@gmail.com" <dangent...@gmail.com>
wrote:
> I have checked and rechecked
> the ASA config file and can find no setting to lower the mss or mtu
> size.
>
> Anyone have any thoughts ?

MTU
mtu Outside xxx
MSS
sysopt connection tcp-mss xxx

see also http://cisco.com/en/US/products/ps6120/products_configuration_example09186a008081e621.shtml
and
http://www.cisco.com/warp/public/471/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00804c8b9f.shtml

Br.
Robby
2/19/2008 10:01:00 AM
I added the following to my ASA

>
> MTU
> mtu Outside 1492 ( as per my ISP )
> MSS
> sysopt connection tcp-mss 1380 ( max for ASA )

Then on my branch routers I added

ip tcp mss 1380 ( to match with the ASA )

This has helped, I am able to send ping x.x.x.x -f -l 1414 around to
all sites now. However, I am still having a problem with Exchange.
Users running Outlook constantly see messages that the connection to
the server has been lost and restored all day long. Corp office
( Exchange is part of local subnet here ) do not see the message. My
research on this problem led us to think that it was a problem with
fragmentation on the network, thus the original post. Anyone have any
thoughts now, or run into anything similar ?

Thanks
2/25/2008 4:40:03 PM
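
The arithmetic that ties the ping sizes, MTU and MSS values in this thread together, as an added example that is not part of the original posts. It assumes IPv4 with no IP or TCP options and that the quoted ping sizes are `-l` payload sizes; the probe function and hop list are constructed so the search runs offline.

```python
"""Relate DF-ping payload sizes to path MTU and a safe TCP MSS clamp (IPv4)."""

IP_HDR = 20    # IPv4 header without options (assumption)
ICMP_HDR = 8   # ICMP echo header
TCP_HDR = 20   # TCP header without options (assumption)


def path_mtu(payload):
    """IP packet size produced by a ping with this ICMP payload."""
    return payload + ICMP_HDR + IP_HDR


def max_mss(mtu):
    """Largest TCP payload that fits in one unfragmented packet of this MTU."""
    return mtu - IP_HDR - TCP_HDR


def clamp_fits(mss_clamp, payload):
    """True if a full segment at mss_clamp fits the path a DF ping measured."""
    return mss_clamp <= max_mss(path_mtu(payload))


def largest_df_payload(probe, lo=0, hi=1472):
    """Binary-search the largest payload for which probe(size) succeeds.

    probe(size) stands for one `ping -f -l size` attempt: True on a reply,
    False if the packet needed fragmenting or was silently dropped.
    """
    if not probe(lo):
        raise ValueError("path does not pass even the smallest probe")
    while lo < hi:
        mid = (lo + hi + 1) // 2
        lo, hi = (mid, hi) if probe(mid) else (lo, mid - 1)
    return lo


def simulated_probe(hop_mtus):
    """Constructed stand-in for a real ping: the smallest hop MTU wins."""
    limit = min(hop_mtus)
    return lambda size: path_mtu(size) <= limit


if __name__ == "__main__":
    # Constructed hops: 1500-byte LAN, 1492-byte ISP link, 1442-byte bottleneck.
    best = largest_df_payload(simulated_probe([1500, 1492, 1442]))
    print("largest DF payload:", best, "path MTU:", path_mtu(best))
    print("MSS 1380 fits that path:", clamp_fits(1380, best))
    print("MSS 1300 fits a path limited to 1250-byte pings:", clamp_fits(1300, 1250))
```

Measure each direction separately, since the thread reports different limits inbound and outbound; replacing `simulated_probe` with a wrapper around a real ping is left to the reader's environment.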