Replacing pix515 with ASA5510 results into MTU problems.
- From: "Sebas" <relaxteb@xxxxxxxxx>
- Date: 10 May 2006 06:28:41 -0700
Hi all,
We've replaced our old PIX 515 firewall with a newly bought ASA 5510.
Now some of our customers complain because they cannot log in on our
website.
We use the Verisign Certificates plugin to authenticate users on our
website.
Everything else is working except the login procedure.
Now a helpdesk employee of some internet provider told a customer to
lower the MTU; it seemed that using some kind of application (as for
example our Verisign plugin) resulted in failing connections.
The customer lowered the MTU and indeed, the problem disappeared.
Now, as far as I know, I have exactly the same configuration on our ASA
as we had on our PIX.
I even allowed all ICMP on inside and outside interfaces to allow "ICMP
can't fragment (type 3, code 4)" and Path MTU Discovery.
Still, when users do not lower their MTU, they cannot log in.
Can anybody help me with what config I should check or what debugging I
should monitor?
Thanks in advance !
Sebastian