06-02-2008 01:55 AM - edited 03-11-2019 05:53 AM
I have a problem with accessing a couple of websites on our network. I have identified it to be due to the fact the servers are sending packets that exceed the MSS advertised by the client.
I recall that this is an issue which started in PIX version 7.
I also recall someone telling me that a "tick box" was added to ASDM to allow the firewall to pass packets that exceed the MSS - and that a "simple" command can be issued to allow this action to commence.
I cannot find the "tick" box in ASDM, nor can I find the reference to the command.
Can someone point me in the right direction?
ASDM version 5.2 (2)
Pix version 7.2(2)
ASA 5510
06-02-2008 03:59 AM
Mark,
the command is:-
sysopt connection tcpmss # - the default is 1380
In the ASDM navigate to:-
Configuration > TCP Options - change the value for the "Force Maximum Segment Size for TCP proxy connection to be"
HTH.
06-02-2008 04:36 AM
Thank you - but the option is already ticked.
What I was trying to solve is the issue at:-
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00804c8b9f.shtml
What I was told is that there is now one setting which allows me to say, for a website, allow the MSS to be exceeded!
06-02-2008 04:49 AM
Firstly you have to know how much is the max data you can send through your infrastructure, unfragmented.
Try pinging the website you are trying to get to, first with a high packet size, reducing the packet size until you get a response.
ping x.x.x.x -l 1450 -f
ping x.x.x.x -l 1440 -f
ping x.x.x.x -l 1430 -f
and so on until you get a response. The number you find is what you should set the MSS to.
HTH.
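The ping procedure from the reply above, automated as a binary search (an added example, not part of the original thread). The function names are hypothetical, and the conversion assumes IPv4 and TCP headers without options, so path MTU = ping payload + 28 and TCP MSS = path MTU - 40.

```python
import platform
import subprocess
import sys

IP_HDR, ICMP_HDR, TCP_HDR = 20, 8, 20  # assumed: IPv4 and TCP without options


def df_ping(host, payload):
    """Send one echo request with Don't Fragment set; True if a reply came back."""
    if platform.system() == "Windows":
        # Same flags as in the thread: -l sets the payload size, -f sets DF.
        cmd = ["ping", "-n", "1", "-f", "-l", str(payload), host]
        out = subprocess.run(cmd, capture_output=True).stdout
        return b"TTL=" in out  # only a real echo reply carries a TTL field
    # Linux iputils ping: -M do forbids fragmentation, -s sets the payload size.
    cmd = ["ping", "-c", "1", "-W", "2", "-M", "do", "-s", str(payload), host]
    return subprocess.run(cmd, capture_output=True).returncode == 0


def largest_unfragmented_payload(probe, low=0, high=1472):
    """Largest payload in [low, high] for which probe(size) is True, or None."""
    if not probe(low):
        return None  # host does not answer ping at all; nothing to measure
    while low < high:
        mid = (low + high + 1) // 2
        if probe(mid):
            low = mid        # mid fits, search above it
        else:
            high = mid - 1   # mid is too big, search below it
    return low


def mss_for_payload(payload):
    """Convert a ping payload size to (path MTU, TCP MSS)."""
    path_mtu = payload + ICMP_HDR + IP_HDR
    return path_mtu, path_mtu - IP_HDR - TCP_HDR


if __name__ == "__main__":
    host = sys.argv[1]  # address of the website being tested
    size = largest_unfragmented_payload(lambda n: df_ping(host, n))
    if size is None:
        print("no echo reply; ICMP may be filtered on the path")
    else:
        mtu, mss = mss_for_payload(size)
        print(f"payload {size} -> path MTU {mtu}, TCP MSS {mss}")
```

If ICMP echo or the "fragmentation needed" replies are filtered somewhere on the path, the search reports no result or an undersized one, so treat the output as a lower bound.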