11-14-2007 03:37 AM - edited 02-21-2020 03:22 PM
Hi,
In the ASA log, we are seeing the following error:
Error Message %ASA-3-722036: Group group User user-name IP IP_address Transmitting
large packet length (threshold threshold).
I presume our server is sending large packets to the SSL client? Has anyone else encountered this?
Thanks,
Mark.
11-20-2007 07:41 AM
This error message means that client is sending packets larger than the level expected by ASA. Change the MTU on the client side. This URL should help http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/s8.html#wp1318649 for more information.
11-20-2007 07:46 AM
Hi,
Thanks for the reply. Unfortunately I am not using the AnyConnect client. I am using ASA 7.2 with the SVC client.
09-23-2012 11:22 AM
I know this post is 5 years old, but this problem is still cropping up from time to time with no explanation. Specifically, myself and others have an issue with a large packet length of 1410, with a threshold of 1406. Unfortunately, you can't change the MTU because the maximum is 1406. This doesn't even make sense.
I did find one possibility. A troubleshooting article showing the ASA transmitting packets that exceeded the MTU could be fixed by running:
svc compression none
But will this also fix the received packets?
09-27-2012 07:14 PM
Hi Brian,
The old SSL client is not longer supported, it is legacy.
At this point, I would suggest the AnyConnect client, since it introduces the command:
[no] svc mtu size
Which only affects the AnyConnect sessios. The old SSL VPN Client (SVC) does not suppor it.
An example:
ASA(config)# group-policy AnyConnect attributes
ASA(config-group-policy)# webvpn
ASA(config-group-webvpn)# svc mtu 1200
Thanks.
Portu.
Please rate any helpful posts.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide