PING PROBLEM

Status
Not open for further replies.

rrgg

Technical User
Jun 20, 2003
35
IT
Hi all, I have this situation:
PC - PIX 506 - Router - WAN - Router - AS400
this is my problem:
I ping the remote AS/400 from my PC with this command:
PING AS/400 -l 1472
I obtain correct response.
PING as/400 -l 1500
I obtain time out.
It seems my PIX 506 doesn't fragment packets.

How to solve this???

Tks for any answer.

rrgg
 
You should be able to change the MTU settings in the PIX. I don't know the exact command, sorry.
 
hi, set the mtu with...

mtu outside 1500
mtu inside 1500

hope that helps :)

Anthony.
 
Thanks for answers,
The MTU size is default (1500)

sh mtu --> inside 1500 outside 1500

I hope impossibility to fragment packet.

How to do this?
 
The -l specifies the payload size, not the overall size of the ICMP packet, you have the address and header overhead on top of the payload that you specify, something like 40 bytes. Unless you set the DF bit it should fragment.
Have you set debug icmp trace on the PIX to see whether the ICMP gets through? Have you used a sniffer or access lists on the 2 routers to see if the ICMP is getting there?
 
TKS for answers.
I decided that the PIX is the cause of the problem because without the PIX (I set the same IP address as the PIX on one PC) the PING works correctly. I need to fix this because the AS/400 has its MTU size set to 1496 and it is not possible to change it.
In the access list I already have:
access-list inbound permit icmp any any echo-reply

From the console I set my PIX to debug mode:

debug icmp trace

when I send ping with size = or < 1472 I see on console various information about icmp traffic

when I send ping with size > 1472 I see nothing.

Re-TKS
 
Then set up the MTU on the outside interface for 1492.
 
Here is what I get when shoving a 2000 byte ping through a PIX. (It came from a Cisco switch; I'm convinced that Windows behaves slightly differently.) The odd thing is that the PIX reports it as being 1480+500=1980; I specified a 2000 byte payload.


149: ICMP echo-request from inside:192.168.14.3 to 192.168.85.74 ID=488 seq=5055 length=1480
150: Fragmented ICMP echo-request from inside:192.168.14.3 to 192.168.85.74: ID=488 offset=1480 length=500
151: ICMP echo-reply from outside:192.168.85.74 to 192.168.14.3 ID=488 seq=5055 length=1980

and without any size parameters

169: ICMP echo-request from inside:192.168.14.3 to 192.168.85.74 ID=3241 seq=9730 length=80
170: ICMP echo-reply from outside:192.168.85.74 to 192.168.14.3 ID=3241 seq=9730 length=80

anyway you can see the fragmented request arriving at the firewall. If your firewall is not showing the packets arriving then I would suggest you do a packet capture and see what is going on over your local segment.
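
The size arithmetic behind this thread, as an added example that is not from any of the posters: Windows `ping -l N` counts ICMP data only, so the 8-byte ICMP header and a 20-byte IPv4 header sit on top, and anything over the link MTU is either fragmented on 8-byte boundaries or, with DF set, not forwarded. Assumptions: IPv4 headers without options, illustrative function names, and that the PIX `length` field in the debug lines above counts the bytes after the IP header.

```python
# Added example: IPv4 fragmentation arithmetic for the ping sizes in this thread.
IP_HEADER = 20    # IPv4 header, no options (assumption)
ICMP_HEADER = 8   # ICMP echo header

def fragments(ip_payload_len, mtu=1500):
    """Split an IP payload (ICMP header + data) for a link with the given MTU.

    Returns a list of (offset, length, more_fragments) tuples.
    """
    if ip_payload_len <= 0:
        raise ValueError("payload length must be positive")
    if ip_payload_len + IP_HEADER <= mtu:
        return [(0, ip_payload_len, False)]          # fits, no fragmentation
    # Every fragment except the last carries a multiple of 8 bytes.
    max_data = (mtu - IP_HEADER) // 8 * 8
    if max_data <= 0:
        raise ValueError("MTU too small to carry any data")
    result, offset = [], 0
    while offset < ip_payload_len:
        length = min(max_data, ip_payload_len - offset)
        more = offset + length < ip_payload_len
        result.append((offset, length, more))
        offset += length
    return result

def windows_ping(data_len, mtu=1500, df=False):
    """Model `ping -l data_len`: returns (total IP datagram size, fragments).

    With DF set, an oversized datagram cannot be fragmented, so the
    fragment list is empty (the packet is not forwarded).
    """
    ip_payload = data_len + ICMP_HEADER
    total = ip_payload + IP_HEADER
    if df and total > mtu:
        return total, []
    return total, fragments(ip_payload, mtu)

if __name__ == "__main__":
    print(windows_ping(1472))            # 1500 bytes: exactly fills a 1500 MTU
    print(windows_ping(1500))            # 1528 bytes: needs two fragments
    print(windows_ping(1472, mtu=1496))  # the AS/400 MTU quoted in the thread
    print(fragments(1980))               # 1480 + 500, as in the PIX debug lines
```
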

 