asa 5505 dsl / mtu based ssl problem

julian
Level 1

Hi everyone,

We moved our office to a different location (including our DSL connection). We also updated our ASA from 8.0.3 to 8.0.4.

Since then, I'm having trouble opening the webportal from customers having a dedicated line.

I'm getting the certificate and can confirm it, but the page won't load. When lowering the MTU size on the client, everything works fine. Using a DSL or UMTS line also works like a charm.

I've set:

mtu inside 1500

mtu outside 1492

sysopt connection tcpmss 1452

crypto ipsec df-bit clear-df inside

crypto ipsec df-bit clear-df outside

I also attached a packet trace showing TCP checksum errors while loading the page.

Does anybody have an idea?

1 Reply

andrew.prince
Level 10

Julian,

You are contributing to the issue with "sysopt connection tcpmss 1452".

Change it back to the default "1380" or lower. I suggest lower; I use "1300".

And the commands

crypto ipsec df-bit clear-df inside

crypto ipsec df-bit clear-df outside

AFAIK they do not apply to the SSL connections.
