Solved

Recommened MSS Value Setting

Posted on 2009-07-05
4
1,209 Views
Last Modified: 2012-05-07
I would like to know the recommened MSS value settings in Cisco ASA 5510.
I am using Cisco ASA 5510 to connect to internet & NATing is enabled to it.

I am getting the following alerts in the Cisco ASA. Default MSS is configured in the Cisco ASA

%ASA-4-419001: Dropping TCP packet from outside:1.1.1.1/80 to inside:2.2.2.2/59924, reason: MSS exceeded, MSS 1380, data 1460

Would like to know what is the recommended MSS settings to be configured so that the packets are not rejected.

0
Comment
Question by:SrikantRajeev
  • 3
4 Comments
 
LVL 14

Expert Comment

by:uucknaaa
Comment Utility
Hi

Here's a Cisco document that explains the problem and has a workaround:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00804c8b9f.shtml

I'm checking a couple of other solutions.  I'll be back.
0
 
LVL 14

Expert Comment

by:uucknaaa
Comment Utility
And ..

I've been reading this:

http://www.cisco.com/en/US/tech/tk870/tk877/tk880/technologies_tech_note09186a008011a218.shtml

and am wondering if the parameter needs to be adjusted in Windows?  

Check it out and see what you think?
0
 
LVL 14

Accepted Solution

by:
uucknaaa earned 500 total points
Comment Utility
Hi

It looks like the recommended size is 1452.  There is an explanation in the usage guidelines for the command in this doc:

http://www.cisco.com/en/US/docs/ios/12_3/wan/command/reference/wan_i1g.html

Hope this all helps the problem you are seeing.
0
 
LVL 1

Author Closing Comment

by:SrikantRajeev
Comment Utility
Thanks
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Every server (virtual or physical) needs a console: and the console can be provided through hardware directly connected, software for remote connections, local connections, through a KVM, etc. This document explains the different types of consol…
Cybersecurity has become the buzzword of recent years and years to come. The inventions of cloud infrastructure and the Internet of Things has made us question our online safety. Let us explore how cloud- enabled cybersecurity can help us with our b…
This video discusses moving either the default database or any database to a new volume.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now