Dead TCP connections over VPN Tunnels?

Why is this filed under Security Alerts? Okay, wrong area, but ICMP must be the most commonly blocked protocol on the planet, yet in today's VPN/tunnelled world it can be the most vital one to get right!

If you find that you're having trouble with TCP sessions over restricted-MTU links (a session opens, small exchanges work, then the first large transfer hangs), try this on a Cisco router running IOS 12.2.4 or later: ip tcp adjust-mss 1350.

This rewrites the MSS option in every segment with the SYN flag set (the SYN and the SYN/ACK) as it passes through the router, so that both ends agree on a maximum segment size small enough that the tunnel-encapsulated packets fit the path MTU. Without the clamp, a host sends 1460-byte segments with DF set, the tunnel end point has to drop them and reply with ICMP Type 3 Code 4 'Fragmentation Needed but DF bit set', and if a firewall somewhere is eating that ICMP the sender never learns to shrink its packets: the connection simply goes dead. 1350 is a pragmatic value: the default MSS on a 1500-byte Ethernet MTU is 1460 (1500 minus 20 bytes IP and 20 bytes TCP), so 1350 leaves roughly 110 bytes of headroom for GRE/IPsec overhead.

Not really an RFC-compliant thing to do (a middlebox is editing a TCP option end to end), but trust me, this seems like a good fix! Bear in mind it only helps TCP; UDP, GRE keepalives and anything else that relies on path MTU discovery still needs the ICMP 'Fragmentation Needed' messages to get through, so permitting ICMP Type 3 Code 4 on the firewall remains the proper fix.
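To make concrete what the router is doing to the packets, here is an added example (not from the original post and not Cisco's code) that builds a constructed IPv4/TCP SYN carrying an MSS option, then applies the same clamp the adjust-mss command performs: only segments with SYN set are touched, only an MSS larger than the clamp is lowered, and the TCP checksum is recomputed over the pseudo-header so the rewritten segment is still valid. The addresses, ports and the 1350 value are assumptions for the demonstration.

```python
import socket
import struct

TCP_PROTO = 6
SYN_FLAG = 0x02


def checksum(data: bytes) -> int:
    """Standard Internet (ones'-complement) checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def tcp_checksum(src: bytes, dst: bytes, segment: bytes) -> int:
    """TCP checksum includes the IPv4 pseudo-header (src, dst, zero, proto, length)."""
    pseudo = src + dst + struct.pack("!BBH", 0, TCP_PROTO, len(segment))
    return checksum(pseudo + segment)


def build_segment(src_ip: str, dst_ip: str, sport: int, dport: int,
                  mss: int, flags: int = SYN_FLAG) -> bytes:
    """Construct an IPv4 packet with a TCP header carrying one MSS option (kind 2, len 4).
    Constructed test input; DF is set as a real PMTUD-capable host would do."""
    options = struct.pack("!BBH", 2, 4, mss)
    data_offset = (20 + len(options)) // 4
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, data_offset << 4,
                      flags, 65535, 0, 0) + options
    src, dst = socket.inet_aton(src_ip), socket.inet_aton(dst_ip)
    tcp = tcp[:16] + struct.pack("!H", tcp_checksum(src, dst, tcp)) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0x4000,
                     64, TCP_PROTO, 0, src, dst)
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    return ip + tcp


def _find_mss_offset(tcp: bytes):
    """Walk the TCP options; return the offset of the 16-bit MSS value, or None."""
    doff = (tcp[12] >> 4) * 4
    i = 20
    while i < doff:
        kind = tcp[i]
        if kind == 0:            # end of option list
            break
        if kind == 1:            # NOP padding has no length byte
            i += 1
            continue
        length = tcp[i + 1]
        if kind == 2 and length == 4:
            return i + 2
        i += length
    return None


def read_mss(packet: bytes):
    ihl = (packet[0] & 0x0F) * 4
    tcp = packet[ihl:]
    off = _find_mss_offset(tcp)
    return None if off is None else struct.unpack("!H", tcp[off:off + 2])[0]


def tcp_checksum_ok(packet: bytes) -> bool:
    """Summing a segment that already contains a correct checksum yields zero."""
    ihl = (packet[0] & 0x0F) * 4
    return tcp_checksum(packet[12:16], packet[16:20], packet[ihl:]) == 0


def adjust_mss(packet: bytes, clamp: int) -> bytes:
    """What 'ip tcp adjust-mss <clamp>' does to a transit packet: lower the advertised
    MSS on SYN/SYN-ACK segments if it exceeds the clamp and fix the checksum."""
    ihl = (packet[0] & 0x0F) * 4
    tcp = bytearray(packet[ihl:])
    if not tcp[13] & SYN_FLAG:
        return packet                      # only handshake segments carry MSS
    off = _find_mss_offset(tcp)
    if off is None:
        return packet
    if struct.unpack("!H", tcp[off:off + 2])[0] <= clamp:
        return packet                      # peer already asked for something smaller
    tcp[off:off + 2] = struct.pack("!H", clamp)
    tcp[16:18] = b"\x00\x00"               # zero the field before recomputing
    tcp[16:18] = struct.pack("!H", tcp_checksum(packet[12:16], packet[16:20], bytes(tcp)))
    return packet[:ihl] + bytes(tcp)


if __name__ == "__main__":
    syn = build_segment("10.0.0.1", "10.0.0.2", 40000, 443, 1460)
    clamped = adjust_mss(syn, 1350)
    print("MSS before:", read_mss(syn), "after:", read_mss(clamped),
          "checksum ok:", tcp_checksum_ok(clamped))
```

The packet length never changes, so the IP header and its checksum are untouched; only the TCP option bytes and the TCP checksum differ between input and output, which is exactly why this trick is cheap enough for a router to do on every SYN.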