New Member

ASA product line

Just a quick question. As far as PIX and ASA technology, is there a reason why you cannot ping test the outside/public ASA with packet sizes over 1000 or 1500 bytes?

Yes, all ICMP echo and reply commands are present and you can ping and get replies using normal 32 byte packets.

The problem is when you ping the outside/public interface with packets larger than 1000 or 1500 bytes. Is there some IPS or signature rule on ASAs or PIX with IOS version 7 or 8 that prevents such large packets?

I have noticed on various sites that this is the case on all our PIX and ASAs. Just wondering if this is a common signature on firewall technology to protect the network from outside attacks. Your help is much appreciated. Thanks.

1 REPLY
New Member

Re: ASA product line

Just wanted to update everyone on the solution.

ASA auditing has a signature "2151" that prohibits large packet sizes beyond 992 bytes.

The command to disable this signature is: ip audit signature 2151 disable

To re-enable: no ip audit signature 2151 disable
