Normally the PIX is connected to an Ethernet interface either on a
switch or to a router directly with a cross-over cable. In either case
the router does not allow you to modify the MTU size on the physical
interface. So the PIX doesn't need to fragment traffic when passing it
to the adjacent router. So the answer is no, the PIX does not fragment
packets. Please let me know if I am missing something.
Thanks...............Nabil
"I have never let my schooling interfere with my education."
Priscilla Oppenheimer
To: [EMAIL PROTECTED]
Subject: RE: MTU and TCP in PIX [7:61441]
Sent by: nobody@groupstudy.com
01/22/2003 06:58 PM
Please respond to Priscilla Oppenheimer
BJ Rice wrote:
>
> Actually the PIX by default will allow fragmented packets.
That's not very nice of it. :-)
> This can be a vulnerability for the PIX. A good policy is to
> enable FragGuard on the PIX. This ensures the PIX sees the
> entire segmented packet before letting it pass through its
> outside interface.
That wasn't the question, though. The question is will the PIX fragment
packets? It acts more or less like a router, doesn't it? If a 1500 byte
packet came in and needed to be forwarded to an interface that has only
a 500 byte MTU, would the PIX fragment?
Maybe it's not an issue because MTUs usually match on PIX interfaces?
But they don't necessarily match and they can be changed.
Priscilla
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=61675&t=61441