cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
734
Views
0
Helpful
3
Replies

Allow exceeded MSS on VPN router????

billy_maclin
Level 1
Level 1

Branch office has 881 VPN router. Services that ignore MSS in packets don't work. Adjusting MSS has no effect since the services are ignoring that setting. Example: www.google.com works fine, but some Yahoo sites don't.

Found a workaround for exceeded MSS for PIX and ASA (link below), but can't find anything for VPN routers.

http://www.cisco.com/en/US/customer/products/hw/vpndevc/ps2030/products_tech_note09186a00804c8b9f.shtml

1 Accepted Solution

Accepted Solutions

MS,

Let me apologize for my earlier response. I was not applying "ip tcp mss-adjust" correctly. I still had the value too high and ended up lowering it to 1300. I also needed to enable "ip tcp path-mtu-discovery" and "tunnel path-mtu-discovery", at both ends of the connection.

After adding everything and applying MSS adjust correctly, my problem has been resolved.

Again, sincerest apologies.

Best regards,

BMac

View solution in original post

3 Replies 3

mvsheik123
Level 7
Level 7

Hi,

Check whether the attached pdf helps with this.

Thx

MS

No, adjusting MSS value has no effect because the receiving end is ignoring this value in packets. That's why some services work and others don't.

Thanks for trying.

MS,

Let me apologize for my earlier response. I was not applying "ip tcp mss-adjust" correctly. I still had the value too high and ended up lowering it to 1300. I also needed to enable "ip tcp path-mtu-discovery" and "tunnel path-mtu-discovery", at both ends of the connection.

After adding everything and applying MSS adjust correctly, my problem has been resolved.

Again, sincerest apologies.

Best regards,

BMac

Review Cisco Networking for a $25 gift card