cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
503
Views
0
Helpful
1
Replies

ASA5510 blocks iPhone

dapogsdapogs
Level 1
Level 1

Hello, hopefully somebody can help me with this problem.

I have wireless routers connected to the DMZ. Internet access through the wireless routers are fine from laptops. However, when we try to access or browse the Internet from the iPhone, ASA drops the connection and shows this particular error:

Bad TCP hdr length (hdrlen=32, pktlen=58) from xxx.xxx.xxx.xxx/80 to xxx.xxx.xxx.xxx/1152, flags: ACK , on interface Untrust

Any ideas on how to fix this?

1 Reply 1

Yudong Wu
Level 7
Level 7

It might be related to the fragmentation of the packets. The packet which has bad TCP header length was sent from web server to iPhone.

You can do a packet sniffer to see what MSS is negotiated when using laptop and iPhone to access webserver respectively.

If they are the same, it must be something else. I would suggest you to open a TAC case to investigate it.

Review Cisco Networking for a $25 gift card