PIX, drop packets with TCP reset or ICMP

Unanswered Question
May 9th, 2008

I'm assuming (perhaps wrongly) that the pix silently drops connections denied via access rules. Is there a way I can selectively drop packets on the PIX and send a TCP reset or ICMP dst unreachable reply. I'm hoping by adding a little something to the ACL entry, like "with-reset" or whatever.

Thanks.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
mhellman Fri, 05/09/2008 - 08:43

well, I stand corrected. Finally got wireshark downloaded, and TCP resets are the norm. UDP I'm less concerned about anyway.

Actions

This Discussion