Am running a Cisco PIX 525 with OS v7.2. I am trying to enable traceroute through PIX. I already have the below config on my firewall for allowing ICMP replies from untrusted i/f.
access-list xxxx extended permit icmp any any echo-reply
access-list xxxx extended permit icmp any any unreachable
access-list xxxx extended permit icmp any any time-exceeded
I want to allow these replies from anyone on the untrusted i/f, meaning I don't want to control my users to traceroute only some destinations. At the same time, I am worried that anyone can send a crafted echo-reply flood packet(s) to my network.
Is there any other secured way of allowing ICMP replies into my network? (No suggestions of H/W upgrade please. Planning to replace this PIX with a netscreen if this is the only way PIX can work.)
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...