Asked by mysticswami

ASA-5505 & PPPoE MTU issues


Having an issue with a DSL circuit.  We have the Actiontec DSL modem in transparent bridge mode.  The modem defaults to an MTU of 1500 when set this way.

I am able to get the circuit up on the ASA via PPPoE username/password.  I have set the MTU on the ASA to 1500, 1492, 1464, and 1424.  No matter what this is set to on the ASA, it results in web traffic being extremely slow and/or failing to load.  I recognized this as a probable MTU issue and did a Wireshark packet capture that shows Header Checksum errors ("may be caused by IP checksum offload?") and an occasional "Malformed Packet".

Attached is a sho run of the ASA.  Would really appreciate any ideas on this one.  I can't seem to set the MTU on the ASA to resolve this.  I opened a case with Cisco TAC a week ago, but so far they have been less than helpful/timely in their response.  Hoping I might have better luck here.

Tags: Hardware Firewalls, Broadband, Networking Hardware-Other

Last comment: 8/22/2022 - Mon
Imal Upalakshitha

I'm sure this is not an issue with the MTU value. Speed should be OK with the default value. I think it is a physical issue like connectivity, signal condition, or line condition.

If you configure a laptop with the same setting as the outside interface of your ASA and plug this in instead of the ASA do you get issues with speed?

The interface you are connecting to the ASA will act just as a standard Ethernet interface - I think MTU is a red herring for you on this one. MTU just defines the max size of a packet that can be transmitted.

Defo look into your cabling - make sure you have ADSL filters replaced as well

Can you use another DSL modem? I've never seen/heard of this manufacturer... Sometimes with these boxes they do functions in hardware that aren't 'REAL' networking - like fudging traditional port forwarding etc... I would replace it with a plain old Netgear DG834 - disable all the NAT/Firewall options and test from there.

My gut is that this is a modem/cable issue - I think your ASA is not the cause of this.

Thanks for the input.  I was thinking MTU simply due to the following facts:

1.  When we place the modem in PPPoE mode, it defaults to a 1492 MTU (again for DSL) and traffic works normally (the ASA gets a DHCP addy from modem in this configuration).  
However, if we put the modem into transparent bridge mode and configure the ASA for PPPoE we have the problems.

2.  I thought of cabling and so far we have replaced RJ11 and CATV between circuit/modem and modem/ASA.

3.  When in bridge mode if I do: ping google.com -f -l 1464 it works.  Any higher and I get the following from the internal interface of the ASA.  So I still am thinking it's the ASA and it seems related to the MTU (maybe a red herring, but packet size is an issue based on above tests).  Thoughts/Ideas?

Reply from Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.
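
The DF ping test from the post above, automated as a binary search (an added example, not part of the original thread). A 1464-byte payload plus 28 bytes of IPv4 and ICMP headers is a 1492-byte packet, which is 1500 minus the 8-byte PPPoE overhead. The function names, the simulated link and the 192.0.2.1 address are constructed for illustration.

```python
import platform
import subprocess

IP_HEADER = 20       # IPv4 header without options
ICMP_HEADER = 8      # ICMP echo header
TCP_HEADER = 20      # TCP header without options
PPPOE_OVERHEAD = 8   # 6-byte PPPoE header + 2-byte PPP protocol ID

def df_ping(host, payload):
    """Send one echo request with DF set; True if an echo reply came back."""
    if platform.system() == "Windows":
        cmd = ["ping", "-n", "1", "-f", "-l", str(payload), host]
    else:  # Linux iputils syntax
        cmd = ["ping", "-c", "1", "-W", "2", "-M", "do", "-s", str(payload), host]
    out = subprocess.run(cmd, capture_output=True, text=True)
    # Exit codes differ between platforms; a real echo reply always shows a TTL.
    return "ttl=" in out.stdout.lower()

def simulated_link(mtu):
    """Constructed stand-in for a path that rejects DF packets larger than mtu."""
    return lambda payload: payload + IP_HEADER + ICMP_HEADER <= mtu

def largest_df_payload(probe, low=0, high=1500 - IP_HEADER - ICMP_HEADER):
    """Binary-search the largest ICMP payload that passes with DF set."""
    if not probe(low):
        return None  # even the smallest probe fails: not a packet-size problem
    while low < high:
        mid = (low + high + 1) // 2
        if probe(mid):
            low = mid       # mid fits, try larger
        else:
            high = mid - 1  # mid is too big
    return low

def summarize(payload):
    """Turn the largest working payload into path MTU and matching TCP MSS."""
    mtu = payload + IP_HEADER + ICMP_HEADER
    return {"path_mtu": mtu, "tcp_mss": mtu - IP_HEADER - TCP_HEADER,
            "matches_pppoe": mtu == 1500 - PPPOE_OVERHEAD}

if __name__ == "__main__":
    best = largest_df_payload(simulated_link(1492))  # constructed PPPoE path
    print(best, summarize(best))
    # Live use (placeholder address):
    # largest_df_payload(lambda n: df_ping("192.0.2.1", n))
```
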

Cisco TAC provided solution.