The banks (specifically the ASB and National Bank) complete lack of regard for ensuring a consistent delivery of IP packets to end users annoys me greatly. Imagine if every IP provider took this same lack of regard. I take particular issue with the statement that they have only had two complaints in 4 years. I've personally made more complaints on behalf of customers than this. They simply choose not to listen. Below is a list of ICMP packets that I think everyone should at a minimum allow through. access-list 101 permit icmp any any unreachable access-list 101 permit icmp any any packet-too-big access-list 101 permit icmp any any time-exceeded I also think these types have some merit. access-list 101 permit icmp any any echo-reply access-list 101 permit icmp any any traceroute access-list 101 permit icmp any any administratively-prohibited -----Original Message----- From: owner-nznog(a)list.waikato.ac.nz [mailto:owner-nznog(a)list.waikato.ac.nz] On Behalf Of Craig Whitmore Sent: Wednesday, 24 July 2002 9:37 p.m. To: nznog(a)list.waikato.ac.nz Subject: Banking Problems and MTU I was wondering what people think about this latest story.. http://www.idg.net.nz/webhome.nsf/UNID/4AA2988B4A1835C5CC256BFF0014A6A8! opendocument (a more technical expanation from Cisco of the problem http://www.cisco.com/warp/public/105/56.html) I've noticed this problem for ages (for example the ASB's site) when viewing their pages via a GRE tunnel (or the inability to). Is blocking _all_ ICMP types the wrong thing to do? (in paticular type 3 (unreacable), subtype 4(needs fragmentation) for PMTU Discovery) and basiclly breaking their website for people who have paths who get fragmented TCP/IP Packets) Thanks Craig Whitmore - To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog