• Status: Solved

Need help configuring my Cisco ASA Firewall to extend MSS limit for outbound traffic

I have a Cisco ASA 5510 firewall and my company uses a third-party POP3 provider for email.
I have just installed a Konica Multi-purpose copier that can scan a document and email it. However, when I do this, my firewall stops it with the message:
Dropping TCP packet from inside:10.203.15.202/1025 to outside:204.107.103.101/25, reason: MSS exceeded, MSS 1380, data 1460

I have seen how I can configure MSS to exceed for traffic coming in, but how can I configure it for traffic going out?
Asked by: eleeexpertsexchange
 
batry_boy Commented:
Try these statements:

access-list mss_allow_list extended permit tcp any host 204.107.103.101
tcp-map tcp-mss-map
  exceed-mss allow
class-map mss-map
 match access-list mss_allow_list
policy-map mss-map
 class mss-map
  set connection advanced-options tcp-mss-map
service-policy mss-map interface outside
0
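An added example, not part of the original answer: the access-list above matches any source and every TCP port toward the mail host, so the exceed-mss exception covers more traffic than the copier's SMTP sessions. This Python script reads ASA drop messages in the format quoted in the question, groups the MSS-exceeded drops by flow, and emits one access-list entry per flow scoped to source host, destination host and port. The function names and the sample log lines (built from the message in the question) are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches the ASA drop message body quoted in the question.
DROP_RE = re.compile(
    r"Dropping TCP packet from (?P<sif>\S+?):(?P<src>[\d.]+)/(?P<sport>\d+) "
    r"to (?P<dif>\S+?):(?P<dst>[\d.]+)/(?P<dport>\d+), "
    r"reason: MSS exceeded, MSS (?P<mss>\d+), data (?P<data>\d+)"
)

# Constructed sample input: the first line is the message from the question,
# the others are variations made up for this example.
SAMPLE_LOG = """\
Dropping TCP packet from inside:10.203.15.202/1025 to outside:204.107.103.101/25, reason: MSS exceeded, MSS 1380, data 1460
Dropping TCP packet from inside:10.203.15.202/1026 to outside:204.107.103.101/25, reason: MSS exceeded, MSS 1380, data 1460
Some unrelated log line that must be ignored
Dropping TCP packet from inside:10.203.15.202/1031 to outside:204.107.103.101/25, reason: MSS exceeded, MSS 1380, data 1452
"""

def summarize_mss_drops(log_text):
    """Group MSS-exceeded drops by (source host, destination host, destination port)."""
    flows = defaultdict(lambda: {"count": 0, "max_over": 0})
    for line in log_text.splitlines():
        m = DROP_RE.search(line)
        if not m:
            continue  # not an MSS-exceeded drop
        key = (m["src"], m["dst"], int(m["dport"]))
        over = int(m["data"]) - int(m["mss"])  # bytes above the advertised MSS
        flows[key]["count"] += 1
        flows[key]["max_over"] = max(flows[key]["max_over"], over)
    return dict(flows)

def scoped_acl(flows, acl_name="mss_allow_list"):
    """Emit one ACL entry per offending flow instead of 'any' source and all ports."""
    return [
        f"access-list {acl_name} extended permit tcp host {src} host {dst} eq {port}"
        for (src, dst, port) in sorted(flows)
    ]

if __name__ == "__main__":
    flows = summarize_mss_drops(SAMPLE_LOG)
    for (src, dst, port), stats in flows.items():
        print(f"{src} -> {dst}:{port} drops={stats['count']} max_over={stats['max_over']}B")
    print("\n".join(scoped_acl(flows)))
```

The emitted entry can replace the first line of the configuration above; the tcp-map, class-map, policy-map and service-policy lines stay as posted.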
 
eleeexpertsexchange (Author) Commented:
This works. Thanks very much

 
Eirejp Commented:
No luck I am afraid.

I applied the configuration without error but one command did not show up in the show run as if it was already the default.
"exceed-mss allow"

So it looks like it applied an empty policy to the external interface. I tried a couple of times but the tcp-map tcp-mss-map comes up blank.

I am still seeing these sorts of errors in the logs.

6 Nov 30 2010 14:37:09 PMTU-D packet 1420 bytes greater than effective mtu 1050, dest_addr=[WAN IP], src_addr=[Random web site], prot=tcp
