You can read more about it on the links below, there are some suggestions. Please be aware that I have not yet tested it myself on any ASA that is in production so I don't know how well the suggestions actually work.
"Mitigation Different kinds of mitigations can be implemented to minimise the impact of the attack. On firewalls and other kinds of equipment a list of trusted sources for which ICMP is allowed could be configured. Disabling ICMP Type 3 Code 3 on the WAN interface can mitigate the attackquite easily. This is the best mitigation weknow of so far."
This seems to be affecting all ASAs, we ran those tests yesterday and a 5545 increased to 42% CPU and a 5585 ssp20 took a 9% cpu-hit from just one computer with the same test. The fewer cores your ASA has the worse the impact seems to be.
If you are under attack I think your best bet is to filter it out further out in the network. I.e. configure a PACL on a switch between your ISP and your ASA that blocks icmp unreachable before it hits your ASA, that is until the original issue has been solved properly.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :