Core issue
Unable to configure ASA 5500 tp establish a Citrix connection to a unix host
Resolution
To resolve this issue, perform these steps:
-
Check for the %ASA-6-602101: PMTU-D packet 1420 bytes greater than effective mtu 1350, dest_addr=, src_addr=, prot=TCP %ASA-2-106017: Deny IP due to Land Attack from to error in the log.
Change the tcpmss size to a value that is permissible according to the log. Set it to 1300, as shown in this example:
ASA5510#conf t
ASA5510(config)# mtu outside 1500
ASA5510(config)# sysopt connection tcpmss 1300
For more information, refer to the cysopt connection tcpmss command.