<div>
Thank you. I ended up creating a capture filter for dropped ASP and this gave me what I needed.
</div>


Thank you. I ended up creating a capture filter for dropped ASP and this gave me what I needed.

<div>
<div class="content wysiwyg-content">
I am tracking down an issue where a router need o fragment a packet but the DF is set. The router sends an ICMP unreachable message need to fragment but df set. I created a capture on the ASA firewall to see if the ICMP packed it alloed through or dropped. <br />
<br />
Capture capin int inside match icmp any any<br />
Capture capout outside match icmp any any<br />
<br />
<br />
the following is captured and displayed when I do a show capture capin:<br />
<br />
1871: 23:01:20.632306 &nbsp; &nbsp; &nbsp; 172.25.251.46 &gt;&nbsp;91.216.63.241: icmp: 172.12.18.218 unreachable - need to frag (mtu 1420)<br />
<br />
How can I see if the Firewall is allowing this ICMP or dropping it? I would like to know what is happening with it.<br />
<br />
Thanks
</div>
</div>


I am tracking down an issue where a router need o fragment a packet but the DF is set. The router sends an ICMP unreachable message need to fragment but df set. I created a capture on the ASA firewall to see if the ICMP packed it alloed through or dropped. 

Capture capin int inside match icmp any any
Capture capout outside match icmp any any


the following is captured and displayed when I do a show capture capin:

1871: 23:01:20.632306       172.25.251.46 > 91.216.63.241: icmp: 172.12.18.218 unreachable - need to frag (mtu 1420)

How can I see if the Firewall is allowing this ICMP or dropping it? I would like to know what is happening with it.

Thanks

ASA allowing/dropping ICMP unreachable?

Hardware-based firewalls provide more sophisticated protection for inbound and outbound traffic than the simple Windows software firewall or the basic NAT firewalls found in routers. These devices implement techniques such as stateful packet inspection, deep packet inspection, and content filtering; and may include built-in antivirus and anti-malware protection.

Hardware Firewalls

Security is the protection of information systems from theft or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide. The main goal of security is protecting assets, and an asset is anything of value and worthy of protection.  Information Security is a discipline of protecting information assets from threats through safeguards to achieve the objectives of confidentiality, integrity, and availability or CIA for short. On the other hand, disclosure, alteration, and disruption (DAD) compromise the security objectives.

Security

Networking hardware includes the physical devices facilitating the use of a computer network. Typically, networking hardware includes gateways, routers, network bridges, modems, wireless access points, networking cables, line drivers, switches, hubs, and repeaters. But it also includes hybrid network devices such as multilayer switches, protocol converters, bridge routers, proxy servers, firewalls, network address translators, multiplexers, network interface controllers, wireless network interface controllers, ISDN terminal adapters and other related hardware.