Solved: purpose of using sysopt connection tcpmss 0

lcaruso · ‎08-02-2013

Found this on an ASA I'm upgrading. Why set the tcp mss to 0?

sysopt connection tcpmss 0

Thanks.

Jouni Forss · ‎08-02-2013

Hi,

I can't really say why someone has changed the setting.

The default value is 1380

The value 0 seems to disable this feature completely. In other words if I have understood correctly, with the setting you mention, the ASA wont take part in deciding the maximum segment size when host behind 2 ASA interface initiate and negotiate a TCP connection.

Wonder if there is any special MTU settings on the ASA interfaces?

show run mtu

- Jouni

View solution in original post

Jouni Forss · ‎08-02-2013

Hi,

I can't really say why someone has changed the setting.

The default value is 1380

The value 0 seems to disable this feature completely. In other words if I have understood correctly, with the setting you mention, the ASA wont take part in deciding the maximum segment size when host behind 2 ASA interface initiate and negotiate a TCP connection.

Wonder if there is any special MTU settings on the ASA interfaces?

show run mtu

- Jouni

lcaruso · ‎08-02-2013

Thanks for your reply.

Checked the MTU's--good idea but they are all 1500.

This ASA has a lot of tunnels so my guess it was one of the tunnels, and whoever did this didn't know the procedure for Path MTU discovery