[c-nsp] ASA 5520 icmp error inspection not functioning after upgrade

Dobbins, Roland rdobbins at arbor.net
Sun May 4 06:39:55 EDT 2014


On May 4, 2014, at 11:16 AM, Vinny_Abello at Dell.com wrote:

> I've always allowed echo-reply in the outside interface as well as ttl-exceeded in the access-list applied to it.

You should also allow ICMP type-3/code-4, or you're breaking PMTU-D.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>

	  Luck is the residue of opportunity and design.

		       -- John Milton



