This section describes possibly unexpected behavior that are resolved in Release 12.2(2)XH.
CSCds69577
Starting with Release 12.2(2)XH, you can resolve this problem by changing the value of the maximum segment size (MSS) contained in the MTU to 1492 or less. Use the following IOS command:
ip tcp adjust-mss mss
where mss is 1492 or less.
Post-mortem: this seems to work. Hoever, mss is 1460 or less, assuming mtu is 1492. dsl1.ahr(config-if)#ip tcp adjust-mss ? <500-1460> Maximum segment size in bytes Key (which took me a moment to figure out): the mss MUST be AT LEAST 32 bytes or more less than MTU; for a while, I had MTU set to 1400 on the aggregation side, and didn't realise it, and this didn't work. As soon as I upped the MTU to 1492, all started working, including all broken sites and quicken.