Cisco Bug: CSCvv58530 - ASA does not allow custom-defined TCP MSS for TO-THE-BOX traffic

Last Modified

Sep 13, 2020

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases

9.8(4.25)

Description (partial)

Symptom:
The ASA uses the default MSS of 1460 bytes only. When an admin attempts to change this to a custom value, the ASA does not actually use the custom value. It still shows the default MSS value (1460) for TO-THE-BOX traffic in captures.

Conditions:
- Configure a non-default MSS, such as "sysopt connection tcpmss 1436"
- Send a TCP SYN to the ASA
- The ASA will reply with the default MSS of 1460, not the custom value of 1436
- This problem has been seen on ASA version 9.8.4.25

The sysopt setting works only for THROUGH-THE-BOX traffic, not for TO-THE-BOX traffic.
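
One way to confirm the symptom from a capture, as an added example that is not part of the Cisco bug record: the Python below parses a raw TCP header, pulls the MSS option out of a SYN-ACK and compares it with the configured value. The header bytes are constructed sample data (port numbers, sequence numbers and window are arbitrary), and all function names are hypothetical.

```python
import struct

CONFIGURED_MSS = 1436  # from "sysopt connection tcpmss 1436" on the page

def tcp_mss(tcp_header: bytes):
    """Return (flags, mss) from a raw TCP header; mss is None without an MSS option."""
    if len(tcp_header) < 20:
        raise ValueError("truncated TCP header")
    off_flags = struct.unpack("!H", tcp_header[12:14])[0]
    header_len = (off_flags >> 12) * 4          # data offset is in 32-bit words
    if header_len < 20 or header_len > len(tcp_header):
        raise ValueError("bad data offset")
    opts, i = tcp_header[20:header_len], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                           # End of Option List
            break
        if kind == 1:                           # NOP is a single byte
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("malformed TCP option")
        length = opts[i + 1]
        if kind == 2 and length == 4:           # Maximum Segment Size
            return off_flags & 0x01FF, struct.unpack("!H", opts[i + 2:i + 4])[0]
        i += length
    return off_flags & 0x01FF, None

def check_syn_ack(tcp_header: bytes, expected: int = CONFIGURED_MSS) -> str:
    """Compare the MSS advertised in a SYN-ACK with the configured value."""
    flags, mss = tcp_mss(tcp_header)
    if flags & 0x12 != 0x12:                    # SYN (0x02) and ACK (0x10) both set
        return "not a SYN-ACK"
    if mss is None:
        return "no MSS option"
    if mss == expected:
        return "ok"
    return f"mismatch: advertised {mss}, configured {expected}"

def build_header(mss: int, flags: int = 0x12) -> bytes:
    """Constructed sample header: NOP, NOP, SACK-permitted, then MSS (28 bytes)."""
    fixed = struct.pack("!HHIIHHHH", 443, 50000, 1000, 2001, (7 << 12) | flags, 32768, 0, 0)
    return fixed + b"\x01\x01\x04\x02" + struct.pack("!BBH", 2, 4, mss)

if __name__ == "__main__":
    print(check_syn_ack(build_header(1460)))    # reply as described in the symptom
    print(check_syn_ack(build_header(1436)))    # reply honouring the custom value
```
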