I am tracking down an issue where a router needs to fragment a packet but the DF bit is set. The router sends an ICMP unreachable message, "need to fragment but DF set". I created a capture on the ASA firewall to see if the ICMP packet is allowed through or dropped.
capture capin interface inside match icmp any any
capture capout interface outside match icmp any any
The following is captured and displayed when I do a show capture capin:
1871: 23:01:20.632306 172.25.251.46 > 126.96.36.199: icmp: 188.8.131.52 unreachable - need to frag (mtu 1420)
How can I see if the firewall is allowing this ICMP or dropping it? I would like to know what is happening with it.