PIX-4-419001 - Exceed MSS Resolution


Points: 0 points, 3559 views Comments: 1 Comments User: suyashjain

Message Type: %PIX-4-419001
Message Description: Exceed MSS Resolution
Device : PIX
Software Version: 7.x
Chassis: 5xx

Scenario: The outside world is not able to access the web server in the DMZ with IP address 192.168.1.3. The PIX syslog says that the MSS was exceeded: MSS 1380, data 1460.

Diagnosis: The PIX is dropping the packet because of its default policy for packets that exceed the MSS.

Resolution:


pixfirewall#configure terminal
pixfirewall(config)#access-list http-list2 permit tcp any host 192.168.1.3
pixfirewall(config)#class-map http-map1
pixfirewall(config-cmap)#match access-list http-list2
pixfirewall(config-cmap)#exit
pixfirewall(config)#tcp-map mss-map
pixfirewall(config-tcp-map)#exceed-mss allow
pixfirewall(config-tcp-map)#exit
pixfirewall(config)#policy-map http-map1
pixfirewall(config-pmap)#class http-map1
pixfirewall(config-pmap-c)#set connection advanced-options mss-map
pixfirewall(config-pmap-c)#exit
pixfirewall(config-pmap)#exit
pixfirewall(config)#service-policy http-map1 interface outside

and Done.
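
To confirm which destinations are actually affected before and after applying the exception, the 419001 drops can be summarized from the syslog. The following is an added example, not part of the original post: the log lines are constructed, and the line layout, the interface name "dmz" and the function names are assumptions (only the "MSS exceeded, MSS 1380, data 1460" fragment and the host 192.168.1.3 come from the page).

```python
import re
from collections import defaultdict

# Assumed line layout; only "MSS exceeded, MSS 1380, data 1460" appears on the page.
PATTERN = re.compile(
    r"%(?:PIX|ASA)-4-419001: Dropping TCP packet from "
    r"(?P<src_if>[^:\s]+):(?P<src_ip>[\d.]+)/(?P<src_port>\d+) to "
    r"(?P<dst_if>[^:\s]+):(?P<dst_ip>[\d.]+)/(?P<dst_port>\d+), "
    r"reason: MSS exceeded, MSS (?P<mss>\d+), data (?P<data>\d+)"
)

# Constructed sample lines (documentation address ranges for the outside peers).
SAMPLE_LOG = """\
Jan 10 10:01:02 pixfirewall %PIX-4-419001: Dropping TCP packet from outside:198.51.100.7/40112 to dmz:192.168.1.3/80, reason: MSS exceeded, MSS 1380, data 1460
Jan 10 10:01:05 pixfirewall %PIX-4-419001: Dropping TCP packet from outside:203.0.113.20/51000 to dmz:192.168.1.3/80, reason: MSS exceeded, MSS 1380, data 1460
Jan 10 10:01:09 pixfirewall %PIX-6-302013: Built inbound TCP connection 77 for outside:198.51.100.7/40113 (198.51.100.7/40113) to dmz:192.168.1.3/80 (192.168.1.3/80)
Jan 10 10:02:11 pixfirewall %PIX-4-419001: Dropping TCP packet from outside:198.51.100.7/40120 to dmz:192.168.1.9/25, reason: MSS exceeded, MSS 1380, data 1400
"""

def summarize_mss_drops(log_text):
    """Group 419001 drops by (dest IP, dest port): count, peers, largest overshoot."""
    summary = defaultdict(lambda: {"drops": 0, "sources": set(), "max_excess": 0})
    for line in log_text.splitlines():
        m = PATTERN.search(line)
        if not m:
            continue  # other message IDs are ignored
        entry = summary[(m["dst_ip"], int(m["dst_port"]))]
        entry["drops"] += 1
        entry["sources"].add(m["src_ip"])
        # Bytes by which the segment exceeded the advertised MSS.
        entry["max_excess"] = max(entry["max_excess"], int(m["data"]) - int(m["mss"]))
    return dict(summary)

def hosts_outside_exception(summary, allowed_hosts):
    """Destinations still logging 419001 that the exceed-mss ACL does not cover."""
    return sorted({ip for ip, _port in summary if ip not in allowed_hosts})

if __name__ == "__main__":
    report = summarize_mss_drops(SAMPLE_LOG)
    for (ip, port), e in sorted(report.items()):
        print(f"{ip}:{port} drops={e['drops']} peers={len(e['sources'])} excess={e['max_excess']}B")
    print("not covered by http-list2:", hosts_outside_exception(report, {"192.168.1.3"}))
```

Running it against real logs shows whether the exception needs to cover any host other than the one matched by http-list2, which keeps the exceed-mss allow policy scoped to the servers that need it.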


IPS

Need to know more on McAfee IPS. Help me out!
