ASA product line

Unanswered Question
Mar 27th, 2009

Just a quick question. As far as PIX and ASA technology, is there a reason why you cannot ping test the outside/public ASA with packet sizes over 1000 or 1500 bytes?


Yes, all ICMP echo and reply commands are present and you can ping and get replies using normal 32 byte packets.


The problem is when you ping the outside/public interface with packets larger than 1000 or 1500 bytes. Is there some IPS or signature rule on ASAs or PIX with IOS version 7 or 8 that prevents such large packets?


I have noticed on various sites that this is the case on all our PIX and ASAs. Just wondering if this is a common signature on firewall technology to protect the network from outside attacks. Your help is much appreciated. Thanks.

chrisv2005 Wed, 04/01/2009 - 10:12

Just wanted to update everyone on the solution.


ASA auditing has a signature "2151" that prohibits large packet sizes beyond 992 bytes.


The command to disable this signature is: ip audit signature 2151 disable


To re-enable: no ip audit signature 2151 disable
