Sent: Sunday, May 04, 2014 6:40 AM
To: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] ASA 5520 icmp error inspection not functioning after
upgrade
On May 4, 2014, at 11:16 AM, vinny_abe...@dell.com wrote:
> I've always allowed echo-reply in the outside interface as well as
> ttl-exceeded in the access-list applied to it.
You should also allow ICMP type-3/code-4, or you're breaking PMTU-D.
-
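An added example, not written by anyone in this thread: a Python sketch that parses a constructed ICMP Destination Unreachable / Fragmentation Needed message (type 3, code 4, RFC 1191) and checks it against a simplified permit list modelling the echo-reply and ttl-exceeded entries mentioned above. The function names, the permit-list model and the sample bytes are assumptions for illustration; this is not ASA configuration or ASA behaviour.

```python
import struct

# (type, code) permit entries; code None matches any code.
# Simplified model of an ICMP permit list, not ASA syntax.
ECHO_REPLY = (0, None)
TIME_EXCEEDED = (11, None)   # "ttl-exceeded" in the thread
FRAG_NEEDED = (3, 4)         # Fragmentation Needed and DF set (RFC 1191)
THREAD_ACL = [ECHO_REPLY, TIME_EXCEEDED]
FIXED_ACL = THREAD_ACL + [FRAG_NEEDED]

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_frag_needed(next_hop_mtu: int, quoted: bytes) -> bytes:
    """Constructed sample: type 3 / code 4 with the next-hop MTU in bytes 6-7."""
    csum = inet_checksum(struct.pack("!BBHHH", 3, 4, 0, 0, next_hop_mtu) + quoted)
    return struct.pack("!BBHHH", 3, 4, csum, 0, next_hop_mtu) + quoted

def parse_icmp(msg: bytes) -> dict:
    if len(msg) < 8:
        raise ValueError("ICMP message shorter than its 8-byte header")
    icmp_type, code, _csum, _unused, mtu = struct.unpack("!BBHHH", msg[:8])
    info = {"type": icmp_type, "code": code,
            "checksum_ok": inet_checksum(msg) == 0}
    if (icmp_type, code) == FRAG_NEEDED:
        info["next_hop_mtu"] = mtu   # what the sender needs for PMTU-D
    return info

def acl_permits(acl, icmp_type: int, code: int) -> bool:
    return any(t == icmp_type and (c is None or c == code) for t, c in acl)

def evaluate(acl, msg: bytes) -> dict:
    info = parse_icmp(msg)
    info["permitted"] = acl_permits(acl, info["type"], info["code"])
    return info

# Constructed input: a router reporting a 1400-byte next hop, quoting a
# zeroed 20-byte IP header plus 8 bytes of the original datagram.
SAMPLE = build_frag_needed(1400, bytes(28))

if __name__ == "__main__":
    print("thread ACL:", evaluate(THREAD_ACL, SAMPLE))
    print("with 3/4  :", evaluate(FIXED_ACL, SAMPLE))
```

With only echo-reply and time-exceeded permitted, the message carrying the 1400-byte next-hop MTU is not matched, so the sending host never learns to lower its packet size.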
Hi ASA firewall gurus,
I recently upgraded a pair of ASA 5520s from 8.2(5)48 up to 9.1(5). I followed
the outlined upgrade path. I've got a DMZ with public IPs and no NAT involved
on one interface. Here, everything works as expected. There is another inside
interface which has dynamic NAT setup