Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Help with MTU issue - firewall blocking large ICMP packets


We have a 3rd party provided fibre connection to a remote office. 

I've been troubleshooting an MTU issue with large ICMP packets > 1023 being dropped over the WAN link. 

This occurs when the DF bit is NOT set.  From my experience this is not normal behaviour.  Typically I think packets should be fragmented and the pings would be successful.  In contrast If I set the DF bit any packets > 1023 packets report back as requiring fragmentation.  I believe this is normal behaviour.

I've talked to our fibre provider, and they've advised they have firewall in their network that is configured with large ICMP packet protection.  This seems to be the cause of the issue.

Would this configuration break anything? I believe PMTU discovery would still work? 

(To give some background, the reason I've been investigating this issue is due to intermitent network peformance across the WAN link.  As well as investigating all the usual suspects inc bandwidth congestion I just want to eliminate this MTU issue as a potential factor)

Many thanks in advance.

Everyone's tags (7)
New Member

Help with MTU issue - firewall blocking large ICMP packets

Just a self update to advise this was not breaking PMTU.  The firewall in the providers network was only blocking large ICMP packets > 1023 bytes.

CreatePlease login to create content