I am running an ASA 5520 with 8.4(1).
I have had some Mac users complain of slow SMB transfers, so I've bene looking into MTU settings.
My default group policy sets the MTU to 1406. However, there is a tcpmss command on the ASA setting it to 1200 bytes. (
sysopt connection tcpmss 1200)
If I look at 'show fragment' I see a ton of failed reassemblys, which bothers me.
Interface: inside
Size: 200, Chain: 24, Timeout: 5, Reassembly: virtual
Queue: 0, Assembled: 1492, Fail: 1159641169920, Overflow: 0
Interface: outside
Size: 200, Chain: 24, Timeout: 5, Reassembly: virtual
Queue: 0, Assembled: 1317493, Fail: 234110077370368, Overflow: 0
So I'm wondering if the client is sending out a packet size of 1406 + overhead (so we'll say 1500), but the VPN is only allowing a packet size of 1200 bytes due to the mss setting. And this could be causing a ton of retransmissions, as well as fragmentation.
Could this be what is happening, and should I adjust the mss setting to something more like 1400?
Thanks.