02-06-2007 02:13 PM - edited 03-11-2019 02:29 AM
Hi,
Does the Pix have a setting as to what ICMP/Ping packets size it will permit to pass ? If so how is this configured ?
Thanks
02-06-2007 07:32 PM
yes, it does.
ip audit signature 2150 disable
ip audit signature 2151 disable
this will allow the pix to stop fragmenting
large icmp packet (2150) and allow large icmp
packet (2151) to traverse the firewall.
02-07-2007 03:32 PM
Hi David,
Thanks for the info, how do you determine what the size it will permit is ? and can yo change it ?
Regards
Stu
02-08-2007 05:56 AM
I think any icmp below 1024 bytes will bypass
signature 2150 but it will hit 2151.
Once you disable these two signatures, the icmp
packets can be as large as you like.
06-11-2008 08:19 PM
Hi,
Hope fine. Can you please tell me how can I make a limit on the ICMP Payload in my Router and not allow more than 512 Payloaded ICMP. Actually I am having lots of Large_ICMP Alerts in my IPS. Any config details will be appreciated.
Regards
Adnan
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: