VMware Cloud on AWS Cisco ASA VPN Gotcha

So you just got your SDDC deployed, the VPN is connected, and you can ping your on-prem hosts from the cloud SDDC, but you are unable to connect to them over HTTP or HTTPS. First make sure you have opened the required firewall ports in the VMware Cloud on AWS portal. If it still does not work, the cause may be a setting on your Cisco ASA firewall for the TCP Maximum Segment Size (MSS), which controls how large a TCP segment the ASA lets hosts negotiate across the tunnel:

ciscoasa(config)# sysopt connection tcpmss 8500
ciscoasa(config)# sysopt connection tcpmss minimum 1290
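The symptom above (ICMP works, bulk TCP such as HTTP/HTTPS stalls) is the classic sign that full-size TCP segments do not fit the tunnel MTU, which is why clamping the MSS the ASA lets through matters. The following Python script is an added example, not code from the original post or from Cisco: it computes the MSS that fits a given MTU, parses the MSS option out of a raw TCP SYN (so you can check in a packet capture what MSS the hosts actually agreed on after the ASA's clamp), and models the clamp itself. The SYN bytes are constructed inline for the example, and the overhead figure passed in is an assumed tunnel overhead, not a value measured on any particular link.

```python
import struct

IPV4_HEADER = 20  # bytes, no IP options
TCP_HEADER = 20   # bytes, before TCP options


def expected_mss(mtu, tunnel_overhead=0):
    """MSS that fits in `mtu` after IP and TCP headers plus any tunnel overhead.

    tunnel_overhead is an assumed figure for the encapsulation in use (IPsec
    ESP, GRE, ...); it is not derived from the ASA configuration.
    """
    return mtu - tunnel_overhead - IPV4_HEADER - TCP_HEADER


def parse_tcp_mss(segment):
    """Return the MSS advertised in a raw TCP segment's options, or None.

    Walks the option list per RFC 793 / RFC 9293: kind 0 ends the list,
    kind 1 is a one-byte NOP, every other option carries a length byte.
    Malformed option lists raise ValueError instead of being silently skipped.
    """
    if len(segment) < TCP_HEADER:
        raise ValueError("segment shorter than a TCP header")
    data_offset = (segment[12] >> 4) * 4  # header length incl. options
    if data_offset < TCP_HEADER or data_offset > len(segment):
        raise ValueError("invalid TCP data offset")
    opts = segment[TCP_HEADER:data_offset]
    i = 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:          # End of option list
            break
        if kind == 1:          # NOP padding
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("truncated TCP option")
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            raise ValueError("bad TCP option length")
        if kind == 2 and length == 4:   # MSS option: kind 2, length 4
            return struct.unpack("!H", opts[i + 2:i + 4])[0]
        i += length
    return None


def build_syn(mss=None):
    """Build a minimal TCP SYN (constructed sample data, not a real capture).

    With an MSS value the header is 24 bytes (one 4-byte option); without it
    the header is the bare 20 bytes.
    """
    words = 6 if mss is not None else 5
    header = struct.pack("!HHIIBBHHH",
                         12345, 443,      # source port, destination port
                         0, 0,            # sequence, acknowledgement
                         words << 4,      # data offset in 32-bit words
                         0x02,            # flags: SYN
                         65535, 0, 0)     # window, checksum, urgent pointer
    if mss is None:
        return header
    return header + struct.pack("!BBH", 2, 4, mss)


def apply_clamp(advertised_mss, maximum, minimum=None):
    """Model of `sysopt connection tcpmss [minimum] bytes`.

    Per Cisco's ASA documentation, an advertised MSS above the maximum is
    rewritten down to the maximum, and when a minimum is configured an MSS
    below it is rewritten up to the minimum. This is a simplified model for
    reasoning about the setting, not the ASA's code.
    """
    if advertised_mss > maximum:
        return maximum
    if minimum is not None and advertised_mss < minimum:
        return minimum
    return advertised_mss


if __name__ == "__main__":
    # A host on a 1500-byte LAN advertises 1460; with the ASA default
    # maximum of 1380 it is clamped, with the post's 8500 it passes untouched.
    syn = build_syn(expected_mss(1500))
    seen = parse_tcp_mss(syn)
    print("advertised MSS:", seen)
    print("after default clamp (1380):", apply_clamp(seen, maximum=1380))
    print("after post's settings (8500 / min 1290):",
          apply_clamp(seen, maximum=8500, minimum=1290))
```

Use `parse_tcp_mss` on the TCP payload of the SYN and SYN-ACK from a capture taken on each side of the ASA: the difference between the two values is exactly what the clamp did, and comparing that against `expected_mss(tunnel_mtu, overhead)` tells you whether the surviving segments can actually fit the tunnel.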

For more information:

https://www.cisco.com/c/en/us/td/docs/security/asa/asa95/configuration/general/asa-95-general-config/interface-mtu.html#ID-2076-00000095

https://en.wikipedia.org/wiki/Maximum_segment_size

Remember sharing is caring!
