Xueyan Liu wrote:
> 
> Since Priscilla has brought a very good point about
> fragmentation, I'll add my 2 cents. Worked with PIX before but
> not an expert. Say PIX does fragment, would the return packet
> be recognized as a valid packet for a previously established
> session?

The return packets should be recognized, unless they are fragments too. But
there's no requirement that return packets be fragments. If they were
fragments, there would be an issue. Packets past the first one wouldn't have
any UDP or TCP header to help with the recognition.

When the PIX sends fragments, if it does, it should be smart enough to do
its normal behavior of figuring out which packets to let back in.

If a router that is upstream from the PIX has already done the
fragmentation, there's more of an issue. Then the PIX probably by default
doesn't forward the packets.

I don't know if PIX even does fragmentation itself. Anybody know?

Priscilla


> 
> Xueyan




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=61520&t=61441
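
The point in the reply above, that fragments after the first carry no TCP or UDP header for a stateful filter to match on, shown as an added example that is not part of the original post. It is a simplified model, not the PIX's actual logic; the function names, the fragment cache keyed on the IP ID, and the sample addresses and ports are assumptions constructed for illustration.

```python
import struct
from ipaddress import IPv4Address

IP_HDR = "!BBHHHBBH4s4s"  # 20-byte IPv4 header without options

def ipv4_packet(src, dst, ident, offset, more_frags, payload, proto=17):
    """Build a constructed IPv4 packet (checksum left at 0 for brevity)."""
    flags_off = (0x2000 if more_frags else 0) | (offset // 8)
    return struct.pack(IP_HDR, 0x45, 0, 20 + len(payload), ident, flags_off,
                       64, proto, 0, IPv4Address(src).packed,
                       IPv4Address(dst).packed) + payload

def classify(pkt, sessions, frag_cache):
    """Decide 'permit' or 'drop' for a return packet in this simplified model."""
    (ver_ihl, _, _, ident, flags_off, _, proto, _, src, dst) = \
        struct.unpack(IP_HDR, pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    offset = (flags_off & 0x1FFF) * 8          # fragment offset in bytes
    frag_key = (src, dst, proto, ident)        # all that later fragments share
    if offset == 0:
        # First (or only) fragment: the TCP/UDP ports are present.
        sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
        known = (src, sport, dst, dport, proto) in sessions
        if known and flags_off & 0x2000:       # MF set: more fragments follow
            frag_cache.add(frag_key)
        return "permit" if known else "drop"
    # Later fragment: no L4 header, so the session table cannot be consulted.
    return "permit" if frag_key in frag_cache else "drop"

def demo():
    """Return verdicts for a constructed, fragmented UDP reply."""
    server, client = "198.51.100.10", "192.0.2.20"   # documentation addresses
    sessions = {(IPv4Address(server).packed, 53,
                 IPv4Address(client).packed, 40000, 17)}
    udp = struct.pack("!HHHH", 53, 40000, 8 + 26, 0) + b"A" * 26
    first = ipv4_packet(server, client, 0x1234, 0, True, udp[:24])
    second = ipv4_packet(server, client, 0x1234, 24, False, udp[24:])
    cache = set()
    in_order = [classify(first, sessions, cache),
                classify(second, sessions, cache)]
    no_tracking = classify(second, sessions, set())  # first fragment never seen
    return in_order, no_tracking

if __name__ == "__main__":
    print(demo())
```

The second fragment is permitted only because the first one recorded its IP ID; seen on its own it has nothing to match against the session table and is dropped.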