[c-nsp] Pix question

[Jeff]

Hi all,

I have what I hope is a simple pix related question.  I have a client that
is trying to do Microsoft group policies over a vpn connection that is
created using 2 pix devices.

The group policy relies on 2 icmp packets, the first a standard 32byte icmp,
the second a larger 2048 byte ping.  The first packet makes it, the second
gets dropped.

I have found on google that icmp size on the pix is limited due to ping
floods etc.  There is also one reference to the pix being able to allow
different size icmp packets.

I would like to know what command needs to added to allow an icmp packet
size of 3k to traverse the vpn.

Google and cisco have not been much help in finding this information.

My client is running 6.3.1 on one device and 6.3.3 on the other if that
plays a factor.

Thanks very much for you help.

Jeff.