Solved: Allow exceeded MSS on VPN router????

billy_maclin · ‎06-04-2013

Branch office has 881 VPN router. Services that ignore MSS in packets don't work. Adjusting MSS has no effect since the services are ignoring that setting. Example: www.google.com works fine, but some Yahoo sites don't.

Found a workaround for exceeded MSS for PIX and ASA (link below), but can't find anything for VPN routers.

http://www.cisco.com/en/US/customer/products/hw/vpndevc/ps2030/products_tech_note09186a00804c8b9f.shtml

billy_maclin · ‎06-04-2013

MS,

Let me apologize for my earlier response. I was not applying "ip tcp mss-adjust" correctly. I still had the value too high and ended up lowering it to 1300. I also needed to enable "ip tcp path-mtu-discovery" and "tunnel path-mtu-discovery", at both ends of the connection.

After adding everything and applying MSS adjust correctly, my problem has been resolved.

Again, sincerest apologies.

Best regards,

BMac

View solution in original post

mvsheik123 · ‎06-04-2013

Hi,

Check whether the attached pdf helps with this.

Thx

MS

billy_maclin · ‎06-04-2013

No, adjusting MSS value has no effect because the receiving end is ignoring this value in packets. That's why some services work and others don't.

Thanks for trying.

billy_maclin · ‎06-04-2013

MS,

Let me apologize for my earlier response. I was not applying "ip tcp mss-adjust" correctly. I still had the value too high and ended up lowering it to 1300. I also needed to enable "ip tcp path-mtu-discovery" and "tunnel path-mtu-discovery", at both ends of the connection.

After adding everything and applying MSS adjust correctly, my problem has been resolved.

Again, sincerest apologies.

Best regards,

BMac