we have a asa-asa connection between 2 buildings with ipsec and a gre tunnel between them because we use eigrp for this network.the tunnel is ok works perfect but i get syslog messages like :
Aug 13 17:04:54 FWH50031 %ASA-4-313005: No matching connection for ICMP error message: icmp src outside:18.104.22.168 dst inside:22.214.171.124 (type 3, code 4) on outside interface. Original IP payload: <unknown>.
Aug 13 17:05:04 FWH50031 %ASA-6-602101: PMTU-D packet 1462 bytes greater than effective mtu 1434, dest_addr=126.96.36.199, src_addr=188.8.131.52, prot=GRE
and we don't find anything about on cisco to adjust the PMTU-D size on the GRE Tunnel.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...