The ASA interface has an MTU. But you can allow up to certain number of IP fragments. So for example if you use 1 then a total of 1500bytes of IP packets (header+payload) will be allowed per IP packet (even fragmented packets).
Yes I can configure the MTU on the ASA interfaces, but the command is entered "globaly" on an interface, i.e. I mean that the command is applied for both incoming and outcoming packets. The thing is that I want to drop incoming packets on an interface which size is greater than, let's say 100 Bytes.
So with your method, do you think if I use the following commands, it will work?
#fragment chain 1 inside
#fragment size 100 inside
And even if it worked, would it be enable only for incoming packets?
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...