Cisco Bug: CSCul28340 - Doc: High packet loss with AnyConnect ICS+ on Android 4.4 (KitKat) 61948
Mar 15, 2016
- Cisco AnyConnect Secure Mobility Client
Known Affected Releases
Symptom: Due to a bug in Android 4.4 (KitKat) reported to Google under Issue #61948, AnyConnect users will experience High Packet Loss over their VPN connection (users will experience timeouts when attempting to access certain network resources). In the ASA logs, a syslog message will appear with text similar to "Transmitting large packet 1420 (threshold 1405)." This has been reported to Google under Issue #61948 Android 4.4 TCP advertises incorrect MSS over VPN (using VpnService) https://code.google.com/p/android/issues/detail?id=61948 End users may log in with their Google ID and flag the importance of the request as well as enter comments at the code.google link above. Conditions: Android 4.4 (KitKat) including the Google Nexus 5 AnyConnect ICS+ Workaround Until Google produces a fix for Android 4.4, VPN administrators may temporarily reduce the maximum segment size for TCP connections on the ASA with the configuration command "sysopt connection tcpmss <mss size>". The default for this parameter is 1380 bytes. Reduce this value by the difference between the values seen in the ASA logs. In the above example, the difference is 15 bytes; the value should thus be no more than 1365. Reducing this value will negatively impact performance for connected VPN users where large packets are transmitted. There is no workaround available directly for end-users until a fix is made available as a patch to Android 4.4 by Google.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases