Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Large or oversized ping packets (ICMP packets) cannot be sent through the PIX Firewall, and the user receives the %ASA-4-400024: IDS:2151 Large ICMP packet from to on interface outside syslog message

Core issue

Pings are limited to 992 bytes on the outside interface of the PIX or Adaptive Security Appliance (ASA).

For more details, refer to Signature ID's and system message numbers.


For a workaround,

Ensure that signature 2151 is disabled in the configuration. The signature can be disabled by issuing the ip audit signature 2151 disable command.

The command is issued to ensure that large-sized pings are allowed through.

Version history
Revision #:
1 of 1
Last update:
‎06-22-2009 04:43 PM
Updated by:
Labels (1)