Setting icmp unreachables limit - ASA

How to set up icmp unreachable limit in ASA (Software Version 7.0(6))? I tried with icmp unreachable rate-limit command, but it seems that this command is not supported on my ASA. The reason I want to change defaults is that I want my ASA generates such messages a little bit faster because I believe that default value causes some problems with specific connections.

regards

Reply to
Pseto
Loading thread data ...

Do you mind to describe what kind of connections are those? I can think of the only scenario where ICMP unreachables are used - path MTU discovery. And ASA (as PIX) has sysopt command to lower MSS. If I remember correctly it's 1300 by default.

Regards, Andrey.

Reply to
Andrey Tarasov

it's Cisco VPN client behind my ASA that needs to connect to the LAN behind Cisco 851 router with EasyVPN server on it. This 851 router is connected to the Internet with PPPoE. I manage to establish vpn client successfully with tens of other easy vpn servers (not connected with pppoe), but this one. On the other side, I can establish connection with this pppoe vpn server if the client is behind Linksys broadband router with pppoe connection... So, I believe it has to be MTU issue. Since it's about udp connection I don't see how mss would help. Inspecting traffic with wireshark I noticed the following: sending ping (with df set) packets exceeding MTU value of outside ASA interface forces ASA to send unreachables, but it sends maybe one or two unreachable packets per minute. Maybe vpn client connection time out interval is too short, so it don't see unreachables and cannot perform pmtud.

Reply to
Pseto

It appears that after all problem lies somewhere in my ISP network. I just plugged my laptop instead of ASA right behind ISP router and vpn connection still does not work?! ;)

regards

Reply to
Pseto

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.