Large Ping Packets Dropped (PIX)

murphyw
Level 1

Hi everyone,

I am hoping someone can point me in the right direction here. I have just plugged a PIX 535 (with an allow ip any any access list on all interfaces) into the core of our network. I have also configured it to not do any NAT and purely route (same-security-traffic permit inter-interface & no nat control).

I have noticed that now the new firewall is in place, I cannot ping through the firewall with packets larger than 1473 bytes. I am just wondering if this is normal behaviour and/or could it cause any performance issues?

(I have just noticed if I do a ping to x.y.z.254 [router] with 1500 bytes, it works OK. If I do x.y.z.200 [client] it only works to 1472 bytes, then starts failing.)

Thanks very much in advance.

2 Replies

eh2os
Level 1

Not sure this is the same thing, but the IDS functionality of the PIX IOS drops packets above a certain size due to security concerns. I could not pass packets about 993 bytes or something like that on PIX 506E's running 6.3.4 until I disabled a couple of the ip attack audit blah blah blah lines. Just a thought.

Eric Watters

Atlanta, Ga.

Thanks for your reply, it appears to be having the same issue even routing through a layer 3 switch instead. Not to worry, bigger issues now :)
