Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1458
Views
0
Helpful
0
Replies

[FTD][ASA 9.12 IOS] Should I manually set a higher MTU, or disable SVC Compression?

Brandon Eldridge
Level 1
Level 1

‎04-29-2021 08:45 AM

Hello - 

 

I searched around but couldn't find any previous threads that seemed to answer this question. I am troubleshooting an issue causing frequent disconnects for remote users working over Webvpn sessions with AnyConnect as the client side supplicant. 

 

Looks like this is due to large packets being transferred based on what I saw in the logs:

 

Mar 26 10:28:46 VPNAPP1 : %ASA-6-722036: Group <VPN-REMOTE> User <adusername> IP <publicip> Transmitting large packet 1390 (threshold 1287).

 

and researching leads to https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/b_syslog/syslogs9.html#con_4778946

 

Explanation A large packet was sent to the client. The source of the packet may not be aware of the MTU of the client. This could also be due to compression of non-compressible data.

  • length—The length of the large packet
  • num—The threshold

Recommended Action Turn off SVC compression, otherwise, none required.

 

So would it be recommended to adjust the MTU to a higher number, such as 1400? Currently it is not manually set on the webvpn settings. 

 

If that does not work and I disable SVC compression on the ASA as a workaround, does anyone have any experience with the immediate effects of that change? I want to make sure I set expectations accordingly regarding an outage window for the change. 

 

Thank you in advance for any assistance anyone can provide!

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card