Support Center > Search Results > SecureKnowledge Details
MSS clamping is not working properly with SecureXL Technical Level
Symptoms
  • MSS clamping is not working properly with SecureXL.
  • The following is displayed when running tcpdump ([Expert@firewallname]# tcpdump -i any -s0 -nn 'host 192.168.221.10 and host 192.168.44.10 and tcp[tcpflags] & (tcp-syn) != 0' -v):
    192.168.44.10.64414 > 192.168.221.10.80: S, cksum 0xf8fc (correct), 3508469407:3508469407(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
    192.168.44.10.64414 > 192.168.221.10.80: S, cksum 0xf938 (correct), 3508469407:3508469407(0) win 8192 <mss 1400,nop,wscale 8,nop,nop,sackOK>
    192.168.221.10.80 > 192.168.44.10.64414: S, cksum 0xa40a (correct), 375123064:375123064(0) ack 3508469408 win 29200 <mss 1460,nop,nop,sackOK,nop,wscale 5>
    192.168.221.10.80 > 192.168.44.10.64414: S, cksum 0xa40a (correct), 375123064:375123064(0) ack 3508469408 win 29200 <mss 1460,nop,nop,sackOK,nop,wscale 5>
    
Cause

MSS_clamping works on one of the interfaces but not on the other.


Solution
Note: To view this solution you need to Sign In .