ASA product line

chrisv2005
Level 1

Just a quick question. As far as PIX and ASA technology, is there a reason why you cannot ping test the outside/public ASA with packet sizes over 1000 or 1500 bytes?

Yes, all ICMP echo and reply commands are present, and you can ping and get replies using normal 32-byte packets.

The problem is when you ping the outside/public interface with packets larger than 1000 or 1500 bytes. Is there some IPS or signature rule on ASAs or PIX with IOS version 7 or 8 that prevents such large packets?

I have noticed on various sites that this is the case on all our PIX and ASA's. Just wondering if this is a common signature on Firewall technology to protect the network from outside attacks. Your help is much appreciated. Thanks

1 Reply

chrisv2005
Level 1

Just wanted to update everyone on the solution.

ASA auditing has a signature "2151" that prohibits large packet sizes beyond 992 bytes.

The command to disable this signature is: ip audit signature 2151 disable

To re-enable: no ip audit signature 2151 disable
