Cisco ASA 5510 MSS Issue - Firewalls

  1. Cisco ASA 5510 MSS Issue

    I have a Cisco ASA 5510 appliance at my corporate office and Cisco
    1811s at our branch sites. I am troubleshooting some connectivity
    issues with a new Exchange server on the network. Troubleshooting has
    led me to think that the problem is a fragmentation issue on the
    network. When I started looking at the router configs (1811) I
    noticed that the previous network admin had set the default mss size
    to 1300, however no one could tell me why this had been done. I have
    heard of this being done to resolve some web browsing errors, but I
    have removed the setting and no one is complaining. Since removing the
    mss setting on the 1811s I can now send a test ping with don't
    fragment flag and a size of 1442 from all branch sites into the
    corporate router. This is a substantial increase from before when the
    size was being limited to 1300 or less. However going out from corp
    the largest packet I can send is 1250. I have checked and rechecked
    the ASA config file and can find no setting to lower the mss or mtu
    size.


    Anyone have any thoughts ?

    Thanks

  2. Re: Cisco ASA 5510 MSS Issue

    On Feb 18, 4:43 pm, "dangent...@gmail.com" wrote:
    > I have checked and rechecked
    > the ASA config file and can find no setting to lower the mss or mtu
    > size.
    >
    > Anyone have any thoughts ?


    MTU
    mtu Outside xxx
    MSS
    sysopt connection tcp-mss xxx

    see also http://cisco.com/en/US/products/ps61...8081e621.shtml
    and
    http://www.cisco.com/warp/public/471...804c8b9f.shtml

    Br.
    Robby

  3. Re: Cisco ASA 5510 MSS Issue

    I added the following to my ASA

    >
    > MTU
    > mtu Outside 1492 ( as per my ISP )
    > MSS
    > sysopt connection tcp-mss 1380 ( max for ASA )


    Then on my branch routers I added

    ip tcp mss 1380 ( to match with the ASA )

    This has helped, I am able to send ping x.x.x.x -f -l 1414 around to
    all sites now. However, I am still having a problem with Exchange.
    Users running Outlook constantly see messages that the connection to
    the server has been lost and restored all day long. Corp office
    (Exchange is part of local subnet here) does not see the message. My
    research on this problem led us to think that it was a problem with
    fragmentation on the network, thus the original post. Anyone have any
    thoughts now, or run into anything similar?

    Thanks
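
The manual `ping -f -l` testing described in the thread can be automated. The following is an added example, not code from any of the posters: it binary-searches the largest don't-fragment ping payload, converts it to a path MTU and the largest TCP MSS that fits, and checks a configured clamp against it. The function names and the header-size constants (plain IPv4, no IP or TCP options) are assumptions of this example.

```python
import subprocess
import sys

IP_ICMP_HEADERS = 28  # 20-byte IPv4 header + 8-byte ICMP header
IP_TCP_HEADERS = 40   # 20-byte IPv4 header + 20-byte TCP header, no options


def windows_df_ping(host, payload):
    """Send one echo request with DF set, using the Windows ping flags from the thread."""
    result = subprocess.run(
        ["ping", "-n", "1", "-w", "2000", "-f", "-l", str(payload), host],
        capture_output=True, text=True)
    # A real echo reply line contains "TTL="; a "needs to be fragmented" line does not.
    return result.returncode == 0 and "TTL=" in result.stdout


def largest_df_payload(probe, low=0, high=1472):
    """Return the largest payload for which probe(payload) is True, or None."""
    if not probe(low):
        return None  # host unreachable or ICMP filtered: no conclusion possible
    while low < high:
        mid = (low + high + 1) // 2
        if probe(mid):
            low = mid
        else:
            high = mid - 1
    return low


def check_clamp(probe, configured_mss):
    """Compare a configured TCP MSS clamp against the measured path."""
    payload = largest_df_payload(probe)
    if payload is None:
        return None
    path_mtu = payload + IP_ICMP_HEADERS
    max_mss = path_mtu - IP_TCP_HEADERS
    return {"payload": payload, "path_mtu": path_mtu,
            "max_mss": max_mss, "clamp_ok": configured_mss <= max_mss}


if __name__ == "__main__":
    # Usage: script.py <host> <configured_mss>
    host, mss = sys.argv[1], int(sys.argv[2])
    print(check_clamp(lambda size: windows_df_ping(host, size), mss))
```

Run it from a host on each side of the link, since the thread reports different limits inbound and outbound; a `clamp_ok` of `False` in either direction means full-size TCP segments will not fit that path without fragmentation.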
