[nsp] RE: OK I'm Stumped!!!!

sthaug at nethelp.no sthaug at nethelp.no
Sun Jun 6 04:59:27 EDT 2004


> Are you using the "no ip unreachables" command or doing anything to block
> icmp through your network? We ran into similar problems with users
> complaining about accessing mail or surfing because our use of "no ip
> unreachables" prevents the user from receiving ICMP messages that advise
> their machines of the need to fragment packets, which also interferes with
> Path MTU discovery.

Note that "no ip unreachables" only applies to ICMP messages generated
by the router itself. It does nothing whatsoever to block ICMP messages
generated by *other* devices in the network, passing through your router
(if it did, it would severely broken).

Steinar Haug, Nethelp consulting, sthaug at nethelp.no


More information about the cisco-nsp mailing list