CSS interface sending ICMP to PIX

Unanswered Question
Aug 16th, 2007

I have a css in one armed config. My PIX interface is getting ICMP from the CSS interface, not a service address, but the CSS interface.

The PIX is denying the requests, but I do not see where it is coming from.

They are coming more frequent that the TACACS frequency setting.

I did have some services configured with ICMP keepalives, but they are suspended.

Anyone have any ideas?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.8 (4 ratings)
Loading.
Diego Vargas Thu, 08/16/2007 - 09:05

Hi, the CSS will send a ICMP keepalive by default to its upstream device. In order to disable this, run the command:

CSS(config)# ip no-implicit-service

Hope it helps!!

Gilles Dufour Thu, 08/16/2007 - 09:33

just one remark to the info that was given here, the command 'ip no-implicit-service' only applies to newly configured routes.

Once you configured this command, you need to either reboot the CSS or remove and reconfigure the static routes.

Gilles.

Gilles Dufour Thu, 08/16/2007 - 12:00

this is au automatic keepalive to detect if the next-hop is available.

If it goes down, the CSS will not use the route and try another one.

Gilles.

Gilles Dufour Thu, 08/16/2007 - 22:23

no, there is no option to configure the automatic keepalive.

All you can do is turn it off.

Gilles.

Actions

This Discussion