The problem is that when the GRE tunnel was setup, users coming from router B could not access internet. We increased the MTU size on the tunnel interfaces of routers A and B to 1524 and now internet works but performance is affected due to fragmentation. I have done a lot of research and everything points me to lowering the MTU instead of increasing it to avoid fragmentation but when doing this internet doesn't work (set as low as 1400 while testing).
I believe that the ICMP type 3 code 4 generated by router A (if I understand correctly) are being blocked by the ASA.
In order to not disrupt production, I have been experimenting with an ASA 5505 and packet tracer to see if a ICMP packet of this nature would be allowed or blocked and it fails every time. I am not sure if this is an accurate test of whether the firewall is allowing that traffic or not but if it is, then it certainly is being blocked.
I've tried multiple things including adding the inspect icmp error to the firewall but without success.
See the test I did:
asa# config t
asa(config)# class-map icmp-class
asa(config-cmap)# match default-inspection-traffic
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...