PIX, drop packets with TCP reset or ICMP

Unanswered Question
May 9th, 2008

I'm assuming (perhaps wrongly) that the PIX silently drops connections denied via access rules. Is there a way I can selectively drop packets on the PIX and send a TCP reset or ICMP dst unreachable reply? I'm hoping by adding a little something to the ACL entry, like "with-reset" or whatever.

mhellman Fri, 05/09/2008 - 08:43

Well, I stand corrected. Finally got Wireshark downloaded, and TCP resets are the norm. UDP I'm less concerned about anyway.
