Pix & large ping packets

Hello,

The largest ping packet that is able to go through our PIX515 (software version 7.2(2)) is 992 bytes. Larger packets are dropped. MTU size is 1500 and we have a statement "sysopt connection tcpmss 1460". What is necessary to increase the possible packet size for a ping?

Regards, Christoph Gartmann

Reply to
Christoph Gartmann

The 1000 byte ICMP packet limitation was introduced in 6.3, which offered no way to adjust the maximum.

Are you getting IDS 2151 (message 400024) generated, "Large ICMP"? The documentation for that indicates the limit is 1024 bytes including IP headers.

You could -try- disabling inspect icmp, but I don't know if that will work.

I've searched through the 7.2 command reference, but do not see any adjustment method documented.

Reply to
Walter Roberson

Ah, I see.

I didn't look further into it. I simply realized the limit of 992 bytes.

It doesn't :-(

Regards, Christoph Gartmann

Reply to
Christoph Gartmann

FWSM 3.1(3) seems to be OK - my colleague has just verified that we can get 7.5K pings to a host through ours, though 9K doesn't work. We don't know if that's a feature of the host we're testing rather than the FWSM.

Sam

Reply to
Sam Wilson

Now I found the following command:

    ip audit signature 2151 disable

This command is available in software version 7.x. Now the limit is at 1472 bytes. Now the question is where this one comes from ...

Regards, Christoph Gartmann

Reply to
Christoph Gartmann
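
Added example, not part of the thread: one way to measure the largest ping payload a path passes and convert it to the on-wire IPv4 packet size, so that payload figures like those above can be compared with limits stated "including IP headers" (a 1472-byte payload is a 1500-byte IP packet). It assumes Linux iputils ping and a 20-byte IPv4 header without options; the function names and the simulated path are constructed for illustration.

```python
import subprocess

IPV4_HEADER = 20  # bytes; assumption: no IP options
ICMP_HEADER = 8   # bytes; ICMP echo request header


def ip_packet_size(payload):
    """On-wire IPv4 packet size for a ping carrying `payload` data bytes."""
    return payload + ICMP_HEADER + IPV4_HEADER


def ping_probe(host):
    """Build probe(payload) -> bool that sends one echo request to `host`.

    Uses Linux iputils ping; -M do sets Don't Fragment so the result
    reflects a per-packet limit rather than fragment reassembly.
    """
    def probe(payload):
        cmd = ["ping", "-c", "1", "-W", "1", "-M", "do",
               "-s", str(payload), host]
        return subprocess.run(cmd, capture_output=True).returncode == 0
    return probe


def largest_payload(probe, low=0, high=9000):
    """Binary-search the largest payload for which probe() succeeds.

    Assumes that if a size passes, every smaller size passes too.
    Returns None when even the smallest size fails.
    """
    if not probe(low):
        return None
    while low < high:
        mid = (low + high + 1) // 2
        if probe(mid):
            low = mid
        else:
            high = mid - 1
    return low


def simulated_path(max_ip_packet):
    """Constructed stand-in: passes IP packets up to max_ip_packet bytes."""
    return lambda payload: ip_packet_size(payload) <= max_ip_packet


if __name__ == "__main__":
    for observed in (992, 1472):  # payload sizes reported in the thread
        print(observed, "byte payload ->", ip_packet_size(observed), "byte IP packet")
    print("simulated 1500-byte path:", largest_payload(simulated_path(1500)))
```

Against a real host, pass `ping_probe("192.0.2.10")` (a placeholder address) to `largest_payload` instead of the simulated path.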
