?
Solved

Need help configuring my Cisco ASA Firewall to extend MSS limit for outbound traffic

Posted on 2007-11-13
3
Medium Priority
?
2,204 Views
Last Modified: 2008-10-20
I have a Cisco ASA 5510 firewall and my company uses a third party POP3 providor for email.
I have just installed a Konica Multi-purpose copier that can scan a document and email it. However, when I do this, my firewall stops it with the message:
Dropping TCP packet from inside:10.203.15.202/1025 to outside:204.107.103.101/25, reason: MSS exceeded, MSS 1380, data 1460

I have seen how I can configure MSS to exceed for traffic coming in, but how can I configure it for traffic going out
0
Comment
Question by:eleeexpertsexchange
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 28

Accepted Solution

by:
batry_boy earned 1000 total points
ID: 20276536
Try these statements:

access-list mss_allow_list extended permit tcp any host 204.107.103.101
tcp-map tcp-mss-map
  exceed-mss allow
class-map mss-map
 match access-list mss_allow_list
policy-map mss-map
 class mss-map
  set connection advanced-options tcp-mss-map
service-policy mss-map interface outside
0
 

Author Comment

by:eleeexpertsexchange
ID: 20276812
This works. Thanks very much

0
 
LVL 1

Expert Comment

by:Eirejp
ID: 34236429
No luck I am afraid.

I applied the configuration without error but one command did not show up in the show run as if it was already the default.
"exceed-mss allow"

So it looks like it applied a empty policy to the external interface. I tried a couple of times but the tcp-map tcp-mss-map comes up blank.

I am still see these sorts of errors in the logs.



6	Nov 30 2010	14:37:09						PMTU-D packet 1420 bytes greater than effective mtu 1050, dest_addr=[WAN IP], src_addr=[Random web site], prot=tcp

Open in new window

0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Concerto Cloud Services, a provider of fully managed private, public and hybrid cloud solutions, announced today it was named to the 20 Coolest Cloud Infrastructure Vendors Of The 2017 Cloud  (http://www.concertocloud.com/about/in-the-news/2017/02/0…
This past year has been one of great growth and performance for OnPage. We have added many features and integrations to the product, making 2016 an awesome year. We see these steps forward as the basis for future growth.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question