I have an ASA5505 with a PPPoE WAN connection. In the last days, I receive packets with a 1500bytes MTU size with the "don't fragment" bit set.
The weird thing is, the PPPoE can handle only 1492bytes.
Here the log:
%ASA-6-602101: PMTU-D packet number bytes greater than effective mtu
number dest_addr=dest_address, src_addr=source_address, prot=protocol
This message occurs when the security appliance sends an ICMP destination unreachable message and when fragmentation is needed, but the "don't-fragment" bit is set.
Here the interface settings on the firewall:
mtu inside 1500
mtu outside 1492
sysopt connection tcpmss 1492
how can I force to defragment this packet? The ISP tells me that the problem is on the firewall.....