https://community.cisco.com/t5/network-security/sysopt-connection-tcpmss-and-mtu-of-9216/m-p/1891142#M437414 <HTML><HEAD></HEAD><BODY><P> Thanks for the clarification!</P></BODY></HTML> Wed, 09 May 2012 16:16:35 GMT patoberli 2012-05-09T16:16:35Z https://community.cisco.com/t5/network-security/sysopt-connection-tcpmss-and-mtu-of-9216/m-p/1891140#M437410 <P>Hi All</P><P></P><P>We have a new ASA5585 as an internal firewall that will slowly replace our aging FWSM. For optimum performance it was adviced on the FWSM to set sysopt connection tcpmss to 0, even though using MTU of 1500. </P><P>On the new ASA are we now going to enable MTU of 9216 for the contexts. The ASA is running in transparent multicontext mode. </P><P>I read this here: <A href="http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a0080ba9521.shtml" target="_blank">http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a0080ba9521.shtml</A> which advises against setting the tcpmss to 0. But if I understand it correct, that means that the MTU of 9216 is useless, right?</P><P>So in our case it would be needed to turn of the tcpmss feature to actually use the higher MTU?</P><P></P><P>Thanks</P><P>Pato</P> Mon, 11 Mar 2019 23:04:17 GMT https://community.cisco.com/t5/network-security/sysopt-connection-tcpmss-and-mtu-of-9216/m-p/1891140#M437410 patoberli 2019-03-11T23:04:17Z https://community.cisco.com/t5/network-security/sysopt-connection-tcpmss-and-mtu-of-9216/m-p/1891141#M437411 <HTML><HEAD></HEAD><BODY><P>Pato, </P><P></P><P>Jumbo frames support:</P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/docs/security/asa/asa84/command/reference/jk.html#wp1633967">http://www.cisco.com/en/US/docs/security/asa/asa84/command/reference/jk.html#wp1633967</A></P><P></P><P>having a look at internal documentation we suggest setting MSS to 9096 (120 bytes lower tahn MTU) while typically we would set it to 40 bytes lower. </P><P></P><P>Now what you need to remember that we will use lower of the two MSSes advertised by peers.</P><P></P><P>M.</P></BODY></HTML> Wed, 09 May 2012 15:57:28 GMT https://community.cisco.com/t5/network-security/sysopt-connection-tcpmss-and-mtu-of-9216/m-p/1891141#M437411 Marcin Latosiewicz 2012-05-09T15:57:28Z https://community.cisco.com/t5/network-security/sysopt-connection-tcpmss-and-mtu-of-9216/m-p/1891142#M437414 <HTML><HEAD></HEAD><BODY><P> Thanks for the clarification!</P></BODY></HTML> Wed, 09 May 2012 16:16:35 GMT https://community.cisco.com/t5/network-security/sysopt-connection-tcpmss-and-mtu-of-9216/m-p/1891142#M437414 patoberli 2012-05-09T16:16:35Z https://community.cisco.com/t5/network-security/sysopt-connection-tcpmss-and-mtu-of-9216/m-p/1891143#M437415 <HTML><HEAD></HEAD><BODY><P>Hello Marcin,</P><P></P><P>please can you clarify the following questions:</P><P></P><P>if I enable Jumbo frames support on an interface it is necessary to enable it on all the interfaces ?</P><P></P><P>if I have a cluster A/S and I enable the Jumbo frames support is it necessary to configure also the "Stateful Failover" </P><P>interface ?</P><P></P><P>as the "sysopt connection tcpmss 9096" is a global system configuration is it possible to configure only 2 interfaces with mtu 9216 and leave all other interfaces to the default 1500 ?</P><P></P><P>Best Regards</P><P></P><P>Roberto Taccon</P></BODY></HTML> Wed, 09 May 2012 18:26:00 GMT https://community.cisco.com/t5/network-security/sysopt-connection-tcpmss-and-mtu-of-9216/m-p/1891143#M437415 ROBERTO TACCON 2012-05-09T18:26:00Z https://community.cisco.com/t5/network-security/sysopt-connection-tcpmss-and-mtu-of-9216/m-p/1891144#M437416 <HTML><HEAD></HEAD><BODY><P>Roberto. </P><P></P><P>My knowledge about this feature is from several years ago, feel free to doublecheck. </P><P></P><P>Enabling jumbo frame&nbsp; resevation/forwarding does not increase the MTU automatically - you need to explicitly raise your MTU. </P><P></P><P>You can leave failover interface as is.</P><P></P><P>M.</P></BODY></HTML> Wed, 09 May 2012 19:22:36 GMT https://community.cisco.com/t5/network-security/sysopt-connection-tcpmss-and-mtu-of-9216/m-p/1891144#M437416 Marcin Latosiewicz 2012-05-09T19:22:36Z https://community.cisco.com/t5/network-security/sysopt-connection-tcpmss-and-mtu-of-9216/m-p/1891145#M437417 <HTML><HEAD></HEAD><BODY><P style="background-color: #ffffff; border-collapse: collapse; font-size: 11.818181991577148px; list-style: none; font-family: Arial, verdana, sans-serif;">This is now documented online:</P><P></P><P style="background-color: #ffffff; border-collapse: collapse; font-size: 11.818181991577148px; list-style: none; font-family: Arial, verdana, sans-serif;">ASA: Receiving and Transmitting Jumbo Ethernet Frames</P><P style="background-color: #ffffff; border-collapse: collapse; font-size: 11.818181991577148px; list-style: none; font-family: Arial, verdana, sans-serif;"><A href="http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a0080bd7524.shtml" rel="nofollow" style="border-collapse: collapse; list-style: none; outline: none; color: #2f6681;">http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a0080bd7524.shtml</A></P></BODY></HTML> Thu, 20 Dec 2012 22:52:12 GMT https://community.cisco.com/t5/network-security/sysopt-connection-tcpmss-and-mtu-of-9216/m-p/1891145#M437417 Jay Johnston 2012-12-20T22:52:12Z