| Message Code | PIX-4-419001 |
| Severity | Warning |
| Description | Dropping TCP packet from src_ifc:src_IP/src_port to dest_ifc:dest_IP/dest_port, reason: MSS exceeded, MSS size, data size |
| Explanation | This message is generated when the length of the TCP packet exceeds the MSS advertised in the 3-way handshake. src_ifc—Input interface name src_IP—The source IP address of the packet src_port—The source port of the packet dest_ifc—The output interface name dest_IP—The destination IP address of the packet dest_port—The destination port of the packet |
| User Action | If there is a need to allow packets that exceed the MSS, create a TCP map using the exceed-mss command, as in the following example: access-list http-list permit tcp any host server_ip eq 80 class-map http match access-list http-list tcp-map tmap exceed-mss allow policy-map global_policy |
| Reference Links |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.