URL: https://www.opennet.ru/cgi-bin/openforum/vsluhboard.cgi
Forum: vsluhforumID6
Thread number: 10270

Original message
"2611+PIX=Dropping TCP packet"

Posted by avator, 07-Apr-06 13:16
How do I deal with this???

Apr 07 2006 12:05:52 pixfirewall : %PIX-4-419001: Dropping TCP packet from DMZ:10.111.1.5/63596 to outside:80.91.163.7/25, reason: MSS exceeded, MSS 1380, data 1460
Apr 07 2006 12:05:55 pixfirewall : %PIX-4-419001: Dropping TCP packet from DMZ:10.111.1.5/63596 to outside:80.91.163.7/25, reason: MSS exceeded, MSS 1380, data 1460
Apr 07 2006 12:06:00 pixfirewall : %PIX-4-419001: Dropping TCP packet from DMZ:10.111.1.5/63596 to outside:80.91.163.7/25, reason: MSS exceeded, MSS 1380, data 1460
Apr 07 2006 12:06:10 pixfirewall : %PIX-4-419001: Dropping TCP packet from DMZ:10.111.1.5/63596 to outside:80.91.163.7/25, reason: MSS exceeded, MSS 1380, dat

I did it the way Cisco describes:

object-group network relay-farlep
network-object 213.130.25.179 255.255.255.255
network-object 213.130.24.8 255.255.255.255
............................................................
access-list capture-list-in extended permit ip object-group relay-farlep object-group DMZ_SERVERS
access-list capture-list-in extended permit ip object-group DMZ_SERVERS object-group relay-farlep
access-list capture-list-out extended permit ip object-group DMZ_SERVERS object-group relay-farlep
access-list capture-list-out extended permit ip object-group relay-farlep object-group DMZ_SERVERS
............................................................
access-list smtp-farlep extended permit tcp any object-group relay-farlep
access-list test extended permit tcp any object-group relay-farlep eq smtp
............................................................
tcp-map mss-map
  exceed-mss allow
............................................................
class-map smtp-farlep
match access-list smtp-farlep
!
!
policy-map global_policy
class smtp-farlep
  set connection advanced-options mss-map

...............................................................

Two variants are combined here.

And not a damn thing, mail does not go out to these wretched addresses.
Tell me where the mistake is!!!!
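
An added example, not part of the original post: a small parser for the %PIX-4-419001 lines quoted in the post above that groups "MSS exceeded" drops per flow, reports how far the segment size exceeds the MSS, and tolerates an entry cut off like the last one. The function name `summarize` and the output layout are hypothetical; the sample lines are rebuilt from the ones in the post.

```python
import re
from collections import defaultdict

# Constructed from the log lines in the post; the last entry is cut off there too.
_HEAD = ("pixfirewall : %PIX-4-419001: Dropping TCP packet from "
         "DMZ:10.111.1.5/63596 to outside:80.91.163.7/25, reason: MSS exceeded, ")
SAMPLE = "\n".join([
    "Apr 07 2006 12:05:52 " + _HEAD + "MSS 1380, data 1460",
    "Apr 07 2006 12:05:55 " + _HEAD + "MSS 1380, data 1460",
    "Apr 07 2006 12:06:00 " + _HEAD + "MSS 1380, data 1460",
    "Apr 07 2006 12:06:10 " + _HEAD + "MSS 1380, dat",
])

PATTERN = re.compile(
    r"%PIX-4-419001: Dropping TCP packet from "
    r"(?P<src_if>[^:\s]+):(?P<src>[\d.]+)/(?P<sport>\d+) to "
    r"(?P<dst_if>[^:\s]+):(?P<dst>[\d.]+)/(?P<dport>\d+), "
    r"reason: MSS exceeded, MSS (?P<mss>\d+)(?:, data (?P<data>\d+))?"
)

def summarize(log_text):
    """Group MSS-exceeded drops by flow (hypothetical helper, not a Cisco tool)."""
    flows = defaultdict(lambda: {"drops": 0, "mss": None,
                                 "max_over": None, "truncated": 0})
    for line in log_text.splitlines():
        m = PATTERN.search(line)
        if m is None:
            continue  # not a 419001 MSS-exceeded entry
        key = (m["src_if"], m["src"], int(m["sport"]),
               m["dst_if"], m["dst"], int(m["dport"]))
        stats = flows[key]
        stats["drops"] += 1
        stats["mss"] = int(m["mss"])
        if m["data"] is None:
            stats["truncated"] += 1  # entry cut off before the data size
            continue
        over = int(m["data"]) - int(m["mss"])
        if stats["max_over"] is None or over > stats["max_over"]:
            stats["max_over"] = over
    return dict(flows)

if __name__ == "__main__":
    for flow, stats in summarize(SAMPLE).items():
        print(flow, stats)
```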


Messages in this thread
"2611+PIX=Dropping TCP packet"
Posted by avator, 07-Apr-06 17:52
This is what fixed it!!!!
same-security-traffic permit inter-interface