troubleshooter141
asked on
ASA allowing/dropping ICMP unreachable?
I am tracking down an issue where a router need o fragment a packet but the DF is set. The router sends an ICMP unreachable message need to fragment but df set. I created a capture on the ASA firewall to see if the ICMP packed it alloed through or dropped.
Capture capin int inside match icmp any any
Capture capout outside match icmp any any
the following is captured and displayed when I do a show capture capin:
1871: 23:01:20.632306 172.25.251.46 > 91.216.63.241: icmp: 172.12.18.218 unreachable - need to frag (mtu 1420)
How can I see if the Firewall is allowing this ICMP or dropping it? I would like to know what is happening with it.
Thanks
Capture capin int inside match icmp any any
Capture capout outside match icmp any any
the following is captured and displayed when I do a show capture capin:
1871: 23:01:20.632306 172.25.251.46 > 91.216.63.241: icmp: 172.12.18.218 unreachable - need to frag (mtu 1420)
How can I see if the Firewall is allowing this ICMP or dropping it? I would like to know what is happening with it.
Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER