I am getting the MSS Exceeded errors in my syslog for a host on my inside network. I have found and attempted to implement the documented solution but to no avail. The error is reporting:
"Dropping TCP packet from inside: 10.0.0.1/3001 to outside: 10.209.209.209/1086, reason: MSS exceeded, MSS 1380, data 1400"
I have created the map & policy per the instructions found in another document:
# access-list (http-list)permit ip any any
# class-map (http)
# match access-list (http-list)
# tcp-map (tmap)
# exceed-mss allow
# policy-map (global_policy)
# class (http)
# set connection advanced-options (tmap)
# service-policy (global-policy)
(Here I get an "ERROR: % Incomplete command")
Is the access-list (http-list) supposed to be applied to an interface?
I am not really sure how this is suppose to resolve the issue and I am still getting the error in the syslog.
Any help would be greatly appreciated.