ASA product line

Mar 27th, 2009

Just a quick question. As far as PIX and ASA technology, is there a reason why you cannot ping test the outside/public ASA with packet sizes over 1000 or 1500 bytes?

Yes, all ICMP echo and reply commands are present and you can ping and get replies using normal 32 byte packets.

The problem is when you ping the outside/public interface with packets larger than 1000 or 1500 bytes. Is there some IPS or signature rule on ASAs or PIX with IOS version 7 or 8 that prevents such large packets?

I have noticed on various sites that this is the case on all our PIX and ASAs. Just wondering if this is a common signature on firewall technology to protect the network from outside attacks. Your help is much appreciated. Thanks.

chrisv2005 Wed, 04/01/2009 - 10:12

Just wanted to update everyone on the solution.

ASA auditing has a signature "2151" that prohibits large packet sizes beyond 992 bytes.

The command to disable this signature is: ip audit signature 2151 disable

To re-enable: no ip audit signature 2151 disable
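
To confirm where the size cutoff actually sits before and after changing signature 2151, the following added example (not part of the original posts) binary-searches the largest ICMP echo payload that a host still answers. It assumes Linux iputils `ping`; the function names and the `fake_asa_probe` stand-in are hypothetical.

```sh
#!/bin/sh
# Added example: locate the largest ICMP echo payload a target still answers.

# probe_icmp SIZE HOST -> exit 0 if at least one of two echoes is answered.
# Assumes Linux iputils ping: -c count, -W reply timeout (s), -s payload bytes.
probe_icmp() {
    ping -c 2 -W 2 -s "$1" "$2" >/dev/null 2>&1
}

# max_icmp_payload HOST [LOW] [HIGH] [PROBE_FN]
# Prints the largest payload size in [LOW, HIGH] that PROBE_FN reports as
# answered. Returns 1 if even LOW gets no reply (ICMP blocked or host down).
# PROBE_FN can be swapped for a stand-in so the search can be checked offline.
max_icmp_payload() {
    mp_host=$1
    mp_low=${2:-32}
    mp_high=${3:-1472}
    mp_probe=${4:-probe_icmp}

    "$mp_probe" "$mp_low" "$mp_host" || return 1
    if "$mp_probe" "$mp_high" "$mp_host"; then
        echo "$mp_high"      # nothing in the range is being dropped
        return 0
    fi
    # Invariant: mp_low is answered, mp_high is not.
    while [ $((mp_high - mp_low)) -gt 1 ]; do
        mp_mid=$(( (mp_low + mp_high) / 2 ))
        if "$mp_probe" "$mp_mid" "$mp_host"; then
            mp_low=$mp_mid
        else
            mp_high=$mp_mid
        fi
    done
    echo "$mp_low"
}

# Constructed stand-in for a firewall that stops answering above 992 bytes,
# the figure quoted in the answer above.
fake_asa_probe() { [ "$1" -le 992 ]; }

# When a host is given on the command line, run the real search against it.
if [ $# -ge 1 ]; then
    max_icmp_payload "$1"
fi
```

Run it against your own firewall's outside address once with the signature enabled and once after `ip audit signature 2151 disable`; the reported size should change if the signature was the cause.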
