If the Cisco ASA log shows an “MSS Exceeded” error message, what will you do?

The Cisco ASA drops packets that exceed the MSS value advertised by the client. We can bypass this behavior with MPF (Modular Policy Framework):

=================================================
Cisco-ASA#configure terminal
Cisco-ASA(config)#access-list select_traffic permit tcp any host 192.168.9.2
Cisco-ASA(config)#class-map cm_allow_mss
Cisco-ASA(config-cmap)#match access-list select_traffic
Cisco-ASA(config-cmap)#exit
Cisco-ASA(config)#tcp-map mss-map
Cisco-ASA(config-tcp-map)#exceed-mss allow
Cisco-ASA(config-tcp-map)#exit
Cisco-ASA(config)#policy-map pm_allow_mss
Cisco-ASA(config-pmap)#class cm_allow_mss
Cisco-ASA(config-pmap-c)#set connection advanced-options mss-map
Cisco-ASA(config-pmap-c)#exit
Cisco-ASA(config-pmap)#exit
Cisco-ASA(config)#service-policy pm_allow_mss interface outside
=================================================
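
Before applying `exceed-mss allow`, it helps to confirm which senders actually trigger the drops, so the `select_traffic` ACL stays scoped to a specific host. The script below is an added example, not part of the original post: it assumes the drops are logged as ASA syslog message 419001, runs on constructed sample lines, and its function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines in the ASA syslog 419001 layout (assumed format, not from the page).
SAMPLE_LOG = """\
Mar 01 10:00:01 fw1 %ASA-4-419001: Dropping TCP packet from outside:192.168.9.2/80 to inside:10.0.0.30/1025, reason: MSS exceeded, MSS 460, data 1440
Mar 01 10:00:02 fw1 %ASA-4-419001: Dropping TCP packet from outside:192.168.9.2/80 to inside:10.0.0.31/4410, reason: MSS exceeded, MSS 1380, data 1460
Mar 01 10:00:03 fw1 %ASA-6-302013: Built outbound TCP connection 77 for outside:192.168.9.2/80 (192.168.9.2/80) to inside:10.0.0.30/1026 (10.0.0.30/1026)
Mar 01 10:00:04 fw1 %ASA-4-419001: Dropping TCP packet from outside:203.0.113.7/443 to inside:10.0.0.30/1027, reason: MSS exceeded, MSS 1380, data 1400
"""

DROP_RE = re.compile(
    r"%ASA-4-419001: Dropping TCP packet from (?P<sifc>[^:\s]+):(?P<src>[\d.]+)/(?P<sport>\d+) "
    r"to (?P<difc>[^:\s]+):(?P<dst>[\d.]+)/(?P<dport>\d+), "
    r"reason: MSS exceeded, MSS (?P<mss>\d+), data (?P<data>\d+)"
)

def summarize_mss_drops(log_text):
    """Group MSS-exceeded drops by the sender (interface, IP, port)."""
    stats = defaultdict(lambda: {"drops": 0, "peers": set(), "max_over": 0})
    for line in log_text.splitlines():
        m = DROP_RE.search(line)
        if not m:
            continue  # other message IDs and malformed lines are ignored
        entry = stats[(m["sifc"], m["src"], int(m["sport"]))]
        entry["drops"] += 1
        entry["peers"].add(m["dst"])  # hosts whose advertised MSS was exceeded
        # Largest number of bytes by which a segment exceeded the advertised MSS
        entry["max_over"] = max(entry["max_over"], int(m["data"]) - int(m["mss"]))
    return dict(stats)

def hosts_to_review(log_text, min_drops=2):
    """Senders dropped at least min_drops times: candidates for a host-scoped ACL entry."""
    return sorted(ip for (_, ip, _), e in summarize_mss_drops(log_text).items()
                  if e["drops"] >= min_drops)

if __name__ == "__main__":
    for key, e in summarize_mss_drops(SAMPLE_LOG).items():
        print(key, e["drops"], sorted(e["peers"]), e["max_over"])
    print(hosts_to_review(SAMPLE_LOG))
```

A sender that appears only once or exceeds the MSS by a small margin may not justify an exemption; the per-sender counts make that visible before the policy is widened.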

