Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1033
Views
0
Helpful
3
Replies

ICMP Type 3 error messages from PIX 501

Kevin Melton
Level 2
Level 2

‎12-13-2006 12:25 PM - edited ‎03-11-2019 02:08 AM

when I turn on "debug icmp trace" on my PIX 501, I see a contiguous stream of the following:

210: ICMP unreachable (code 3) kevin7 > 192.168.69.1

211: ICMP unreachable (code 3) kevin7 > 192.168.69.1

212: ICMP unreachable (code 3) kevin7 > 192.168.69.1

213: ICMP unreachable (code 3) kevin7 > 192.168.69.1

214: ICMP unreachable (code 3) kevin7 > 192.168.69.1

215: ICMP unreachable (code 3) kevin7 > 192.168.69.1

216: ICMP unreachable (code 3) kevin7 > 192.168.69.1

217: ICMP unreachable (code 3) kevin7 > 192.168.69.1

218: ICMP unreachable (code 3) kevin7 > 192.168.69.1

219: ICMP unreachable (code 3) kevin7 > 192.168.69.1

220: ICMP unreachable (code 3) kevin7 > 192.168.69.1

221: ICMP unreachable (code 3) kevin7 > 192.168.69.1

222: ICMP unreachable (code 3) kevin7 > 192.168.69.1

223: ICMP unreachable (code 3) kevin7 > 192.168.69.1

224: ICMP unreachable (code 3) kevin7 > 192.168.69.1

Understand that the address 192.168.69.1 is the inside address of the PIX itself. Kevin7 is a workstation in the same 192.68.69 network... his address is .120.

What does this mean?

thx

Labels:
0 Helpful
3 Replies 3

Fernando_Meza
Level 7
Level 7

‎12-13-2006 04:01 PM

Can you please post the outpuf of show run | inc icmp

It looks like the kevin7 is trying to ping your PIX and the PIX might not have icmp enabled on the inside interface

0 Helpful

Kevin Melton
Level 2
Level 2
In response to Fernando_Meza

‎12-14-2006 06:50 AM

Yes here is the output of the "sho run | inc icmp" as requested:

kmnrfw1# sho run | inc icmp

access-list outside_in permit icmp any any echo-reply

access-list outside_in permit icmp any any source-quench

access-list outside_in permit icmp any any unreachable

access-list outside_in permit icmp any any time-exceeded

kmnrfw1#

I am not sure why the box called Kevin7 would be continously pinging the Gateway like that??

Thanks

0 Helpful

bthibode
Level 1
Level 1
In response to Kevin Melton

‎12-14-2006 08:03 PM

I saw this a couple of days ago on a client's network. The client's CSC module failed on his ASA and during the troubleshooting process, I discovered this was happening. I am at a loss as to explain why this is happening. This is not a false report by the PIX/ASA in my opinion, cos when we unplugged the PC, the icmp messages stop. I do find it strange that only icmp unreachable messages are flooding the interface. Could this be some sort of an attack? Has anyone else ever seen this behavior before?

Bryan

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card