Cisco ASA 5510 MSS Issue

Posted by dangentile@gmail.com on February 18, 2008, 10:43 am
I have a Cisco ASA 5510 appliance at my corporate office and Cisco
1811s at our branch sites. I am troubleshooting some connectivity
issues with a new Exchange server on the network. Troubleshooting has
led me to think that the problem is a fragmentation issue on the
network. When I started looking at the router configs (1811) I
noticed that the previous network admin had set the default MSS size
to 1300; however, no one could tell me why this had been done. I have
heard of this being done to resolve some web browsing errors, but I
have removed the setting and no one is complaining. Since removing the
MSS setting on the 1811s I can now send a test ping with the don't
fragment flag and a size of 1442 from all branch sites into the
corporate router. This is a substantial increase from before, when the
size was being limited to 1300 or less. However, going out from corp
the largest packet I can send is 1250. I have checked and rechecked
the ASA config file and can find no setting to lower the MSS or MTU
size.


Anyone have any thoughts?

Thanks

Posted by dangentile@gmail.com on February 25, 2008, 11:40 am
I added the following to my ASA:

>
> MTU
> mtu Outside 1492 ( as per my ISP )
> MSS
> sysopt connection tcp-mss 1380 ( max for ASA )

Then on my branch routers I added

ip tcp mss 1380 ( to match with the ASA )

This has helped; I am able to send ping x.x.x.x -f -l 1414 around to
all sites now. However, I am still having a problem with Exchange.
Users running Outlook constantly see messages that the connection to
the server has been lost and restored all day long. Corp office users
(Exchange is part of the local subnet here) do not see the message. My
research on this problem led us to think that it was a problem with
fragmentation on the network, thus the original post. Anyone have any
thoughts now, or run into anything similar?

Thanks
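Added example, not part of the original posts: one way to check from a packet capture that the MSS actually advertised in a TCP SYN fits the path MTU proven by the don't-fragment pings described in the thread. It assumes the quoted ping sizes are Windows `ping -l` payload sizes; `build_syn` and its port numbers are constructed sample data, not values from the thread.

```python
import struct

IP_HDR, ICMP_HDR, TCP_HDR = 20, 8, 20  # IPv4 / ICMP echo / TCP without options

def path_mtu_from_ping(payload):
    """Largest DF ping payload that got through -> path MTU proven so far."""
    return payload + IP_HDR + ICMP_HDR

def max_safe_mss(path_mtu):
    """Largest MSS whose full-size segment still fits in path_mtu unfragmented."""
    return path_mtu - IP_HDR - TCP_HDR

def mss_from_syn(tcp_header):
    """Extract the MSS option (kind 2) from raw TCP header bytes, or None."""
    if len(tcp_header) < TCP_HDR:
        raise ValueError("truncated TCP header")
    data_offset = (tcp_header[12] >> 4) * 4
    if data_offset < TCP_HDR or data_offset > len(tcp_header):
        raise ValueError("bad data offset")
    opts, i = tcp_header[TCP_HDR:data_offset], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:            # end of option list
            break
        if kind == 1:            # NOP padding, single byte
            i += 1
            continue
        if i + 1 >= len(opts):   # option cut off before its length byte
            break
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            break                # malformed option, stop parsing
        if kind == 2 and length == 4:
            return struct.unpack("!H", opts[i + 2:i + 4])[0]
        i += length
    return None

def check_syn(tcp_header, ping_payload):
    """Return (advertised MSS, largest safe MSS, fits?) for one captured SYN."""
    mss = mss_from_syn(tcp_header)
    limit = max_safe_mss(path_mtu_from_ping(ping_payload))
    return mss, limit, mss is not None and mss <= limit

def build_syn(mss):
    """Constructed sample SYN header: MSS, NOP, NOP, SACK-permitted options."""
    opts = struct.pack("!BBH", 2, 4, mss) + bytes([1, 1, 4, 2])
    offset = ((TCP_HDR + len(opts)) // 4) << 4
    return struct.pack("!HHIIBBHHH", 50000, 443, 1, 0, offset, 0x02, 65535, 0, 0) + opts

if __name__ == "__main__":
    print(check_syn(build_syn(1380), 1414))  # clamp from the thread vs. 1414-byte ping
    print(check_syn(build_syn(1460), 1414))  # unclamped Ethernet default
```

A SYN that still carries 1460 after the clamp is configured means the capture point is not behind the device doing the clamping, or the setting is not applied to that traffic.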
