Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Large Ping Packets Dropped (PIX)

Hi everyone,

I am hoping someone can point me in the right direction here. I have just plugged in a Pix 535 (with an allow ip any any access list on all interfaces) into the core of our network. I have also configured it to not do any NAT's and purely route (same-security-traffic permit inter-interface & no nat control).

I have noticed that now the new firewall is in place, i cannot ping through the firewall with packets larger then 1473bytes. I am just wondering if this is normal behaviour and/or could it cause any performance issues ?

(i have just noticed if i do a ping to x.y.z.254 [router] with 1500bytes, it works ok. If i do x.y.z.200 [client] it only works to 1472bytes then starts failing)

Thanks very much in advance.

New Member

Re: Large Ping Packets Dropped (PIX)

Not sure this is the same thing, but the IDS functionality of the PIX IOS drops packet above a certain size due to security concerns. I could not pass packets about 993bytes or something like that on PIX 506E's running 6.3.4 until I disable a couple of the ip attacke audit blah blah blah lines. Just a thought.

Eric Watters

Atlanta, Ga.

New Member

Re: Large Ping Packets Dropped (PIX)

Thanks for you reply, it apears to be doing the same issue even routing through a layer 3 switch instead. Not to worry, bigger issues now :)

CreatePlease login to create content