On Oct 14, 2008, at 1:59 PM, Sean Carolan wrote: > If you've ever dealt with with one of these paranoid Mordac-type > security managers you know exactly what I'm talking about. In our > case the path of least resistance was to disable pmtu discovery, and > tell the customer that we've done all we possibly can to alleviate the > issue on our end. Hopefully they come to their senses and allow ICMP > packets like every major ISP and mail provider on the Internet. Yes, but then you have broken your equipment, and possibly lost the ability to communicate with many more customers. Yes, I've dealt with these people. If they turn off all ICMP, they often drop fragments as well, making the problem even worse. You can sometimes get them to listen by asking them if their Internet access seems a little "weird" in that some sites work sometimes or downloads are slow or they can't get some email :-) They'll usually say yes and then you might be able to get them to listen, and hopefully send them a bill. --Chris