[c-nsp] ASA 5520 icmp error inspection not functioning after upgrade
Dobbins, Roland
rdobbins at arbor.net
Sun May 4 06:39:55 EDT 2014
On May 4, 2014, at 11:16 AM, Vinny_Abello at Dell.com wrote:
> I've always allowed echo-reply in the outside interface as well as ttl-exceeded in the access-list applied to it.
You should also allow ICMP type-3/code-4, or you're breaking PMTU-D.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
Luck is the residue of opportunity and design.
-- John Milton