tcp-mss (Security Flow)
Statement introduced in Junos OS Release 8.5.
Configure TCP maximum segment size (TCP MSS) for the following packet types:
All TCP packets for network traffic.
GRE packets entering the IPsec VPN tunnel.
GRE packets exiting the IPsec VPN tunnel.
TCP packets entering the IPsec VPN tunnel.
If all the four TCP MSS options are configured simultaneously, then the order of preference is as follows:
If TCP packet enters an IPsec VPN tunnel, then an ipsec-vpn mss value has high priority over all-tcp mss value, hence ipsec-vpn mss value is set.
If TCP packet enters GRE , then gre-in mss value overrides all-tcp mss value, hence gre-in mss value is set.
If TCP packet exits GRE, then all-tcp mss value overrides gre-in mss value, hence all-tcp mss value is set.
The remaining statements are explained separately. See CLI Explorer.
Required Privilege Level
security—To view this in the configuration.
security-control—To add this to the configuration.