CSS interface sending ICMP to PIX

Unanswered Question
Aug 16th, 2007
User Badges:

I have a css in one armed config. My PIX interface is getting ICMP from the CSS interface, not a service address, but the CSS interface.


The PIX is denying the requests, but I do not see where it is coming from.


They are coming more frequent that the TACACS frequency setting.


I did have some services configured with ICMP keepalives, but they are suspended.


Anyone have any ideas?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.8 (4 ratings)
Loading.
Diego Vargas Thu, 08/16/2007 - 09:05
User Badges:
  • Cisco Employee,

Hi, the CSS will send a ICMP keepalive by default to its upstream device. In order to disable this, run the command:


CSS(config)# ip no-implicit-service


Hope it helps!!

Gilles Dufour Thu, 08/16/2007 - 09:33
User Badges:
  • Cisco Employee,

just one remark to the info that was given here, the command 'ip no-implicit-service' only applies to newly configured routes.

Once you configured this command, you need to either reboot the CSS or remove and reconfigure the static routes.


Gilles.

Gilles Dufour Thu, 08/16/2007 - 12:00
User Badges:
  • Cisco Employee,

this is au automatic keepalive to detect if the next-hop is available.

If it goes down, the CSS will not use the route and try another one.


Gilles.

wilson_1234_2 Thu, 08/16/2007 - 14:31
User Badges:

Thanks,


Can you set the frequency or number of packets that are sent?

Gilles Dufour Thu, 08/16/2007 - 22:23
User Badges:
  • Cisco Employee,

no, there is no option to configure the automatic keepalive.

All you can do is turn it off.


Gilles.

Actions

This Discussion