Navigation
Supported Platforms
tcp-mss (Security Flow)
Syntax
tcp-mss {all-tcp mss value;gre-in {mss value;}gre-out {mss value;}ipsec-vpn {mss value;}}
Hierarchy Level
[edit security flow]
Release Information
Statement introduced in Release 8.5 of Junos OS.
Description
Configure TCP maximum segment size (TCP MSS) for the following packet types:
- All TCP packets for network traffic.
- GRE packets entering the IPsec VPN tunnel.
- GRE packets exiting the IPsec VPN tunnel.
- TCP packets entering the IPsec VPN tunnel.
If all the four TCP MSS options are configured simultaneously, then the order of preference is as follows:
- If TCP packet enters an IPsec VPN tunnel, then an ipsec-vpn mss value has high priority over all-tcp mss value, hence ipsec-vpn mss value is set.
- If TCP packet enters GRE , then gre-in mss value overrides all-tcp mss value, hence gre-in mss value is set.
- If TCP packet exits GRE, then all-tcp mss value overrides gre-in mss value, hence all-tcp mss value is set.
Options
The remaining statements are explained separately.
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
