Cisco Systems Pix & large ping packets

Posted by Christoph Gartmann on May 3, 2007, 9:58 am
Hello,

the largest ping packet that is able to go through our PIX515 (software
version 7.2(2)) is 992 bytes. Larger packets are dropped. MTU size is 1500
and we have a statement "sysopt connection tcpmss 1460". What is necessary
to increase the possible packet size for a ping?

Regards,
   Christoph Gartmann

--
 Max-Planck-Institut fuer      Phone   : +49-761-5108-464   Fax: -452
 Immunbiologie
 Postfach 1169                 Internet: gartmann@immunbio dot mpg dot de
 D-79011  Freiburg, Germany
               http://www.immunbio.mpg.de/home/menue.html

Posted by Walter Roberson on May 3, 2007, 8:35 pm

The 1000 byte icmp packet limitation was introduced in 6.3, which
offered no way to adjust the maximum.

Are you getting IDS 2151 (message 400024) generated, "Large ICMP" ?
The documentation for that indicates the limit is 1024 bytes including
IP headers.

You could -try- disabling inspect icmp, but I don't know if
that will work.

I've searched through the 7.2 command reference, but do not see
any adjustment method documented.

Posted by Christoph Gartmann on May 4, 2007, 3:20 am
Roberson) writes:

Ah, I see.


I didn't look further into it. I simply realized the limit of 992 bytes.


It doesn't :-(

Regards,
   Christoph Gartmann

--
 Max-Planck-Institut fuer      Phone   : +49-761-5108-464   Fax: -452
 Immunbiologie
 Postfach 1169                 Internet: gartmann@immunbio dot mpg dot de
 D-79011  Freiburg, Germany
               http://www.immunbio.mpg.de/home/menue.html

Posted by Sam Wilson on May 4, 2007, 4:57 am
 roberson@hushmail.com (Walter Roberson) wrote:


FWSM 3.1(3) seems to be OK - my colleague has just verified that we can get
7.5K pings to a host through ours, though 9K doesn't work.  We don't
know if that's a feature of the host we're testing rather than the FWSM.

Sam

Posted by Christoph Gartmann on May 4, 2007, 9:32 am

Now I found the following command:
   ip audit signature 2151 disable
This command is available in software version 7.x. Now the limit is at 1472
bytes. Now the question is where this one comes from ...

Regards,
   Christoph Gartmann

--
 Max-Planck-Institut fuer      Phone   : +49-761-5108-464   Fax: -452
 Immunbiologie
 Postfach 1169                 Internet: gartmann@immunbio dot mpg dot de
 D-79011  Freiburg, Germany
               http://www.immunbio.mpg.de/home/menue.html
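
Added example, not part of any post in this thread: the ping sizes quoted above are ICMP payload sizes, while the "Large ICMP" limit and the MTU apply to the whole IP packet (payload + 8-byte ICMP header + 20-byte IPv4 header). The sketch builds constructed echo requests and classifies them against both limits; the function names, the documentation addresses, and the strict `>` comparison for the 1024-byte limit are assumptions.

```python
import struct

IP_HEADER_LEN = 20        # IPv4 header without options
ICMP_HEADER_LEN = 8       # type, code, checksum, identifier, sequence
LARGE_ICMP_LIMIT = 1024   # limit quoted in the thread for IDS 2151, IP header included
MTU = 1500                # interface MTU from the original post


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_echo_request(payload_len: int) -> bytes:
    """Constructed IPv4 + ICMP echo request carrying payload_len data bytes."""
    payload = bytes(payload_len)
    icmp = struct.pack("!BBHHH", 8, 0, 0, 1, 1) + payload
    icmp = struct.pack("!BBHHH", 8, 0, inet_checksum(icmp), 1, 1) + payload
    total_len = IP_HEADER_LEN + len(icmp)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, 1, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    return ip + icmp


def classify(packet: bytes) -> dict:
    """Parse the IPv4 header and relate the packet to both size limits."""
    ver_ihl, _, total_len, _, _, _, proto = struct.unpack("!BBHHHBB", packet[:10])
    ihl = (ver_ihl & 0x0F) * 4
    is_icmp = proto == 1
    return {
        "total_len": total_len,
        "payload_len": total_len - ihl - ICMP_HEADER_LEN if is_icmp else None,
        # Assumption: the signature fires when the IP packet exceeds the limit.
        "large_icmp": is_icmp and total_len > LARGE_ICMP_LIMIT,
        "needs_fragmentation": total_len > MTU,
    }


if __name__ == "__main__":
    for size in (992, 1472, 1473):   # sizes taken from the thread, plus one byte more
        print(size, classify(build_echo_request(size)))
```

A 992-byte ping is a 1020-byte IP packet, just under the 1024-byte limit; a 1472-byte ping is exactly 1500 bytes, so anything larger no longer fits in a single packet at this MTU.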
