Cisco Support Community
Community Member

Icmp Redirect question? (no ip redirects)

I am running SNORT and receive a log message about ICMP Redirect. The Cisco router is sending this to every machine that goes to the internet. I understand why the router is doing this because it meets the four requirements:

(1) The interface on which the packet comes into the router is the same interface on which the packet gets routed out.

(2) The subnet/network of the source IP address is the same subnet/network of the next-hop IP address of the routed packet.

(3) The datagram is not source-routed.

(4) The kernel is configured to send redirects.

My question is, would there be any reason why I should not use the command "no ip redirects"? This would stop the ICMP Redirect traffic, but I want to know if this could cause other problems.

Thanks for your help.
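The four conditions listed above, modelled as an added example (not code from the thread or from Cisco): a small router model with a longest-prefix route lookup, where `will_redirect` returns whether a packet would trigger an ICMP redirect, and the per-interface `ip_redirects` flag stands in for condition (4) so the effect of `no ip redirects` can be checked. Addresses, interface names and routes are constructed samples; treating condition (2) as "source and next hop both lie in the inbound interface's subnet" is an assumption for a single-subnet interface.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_interface, ip_network


@dataclass
class Interface:
    name: str
    addr: str                  # interface address with prefix, e.g. "192.0.2.1/24"
    ip_redirects: bool = True  # False models the interface command "no ip redirects"


@dataclass
class Router:
    interfaces: dict           # name -> Interface
    routes: dict               # prefix -> (next_hop, outgoing interface name)

    def lookup(self, dst):
        """Longest-prefix match; returns (next_hop, out_iface) or None."""
        best = None
        for prefix, (next_hop, out_iface) in self.routes.items():
            net = ip_network(prefix)
            if ip_address(dst) in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, next_hop, out_iface)
        return None if best is None else (best[1], best[2])

    def will_redirect(self, in_iface, src, dst, source_routed=False):
        route = self.lookup(dst)
        if route is None:
            return False
        next_hop, out_iface = route
        subnet = ip_interface(self.interfaces[in_iface].addr).network
        same_iface = out_iface == in_iface                         # condition (1)
        same_subnet = (ip_address(src) in subnet
                       and ip_address(next_hop) in subnet)         # condition (2)
        enabled = self.interfaces[in_iface].ip_redirects           # condition (4)
        return same_iface and same_subnet and not source_routed and enabled


def build_sample_router():
    """Constructed sample: LAN default gateway whose default route points at
    another router on the same LAN (the Internet-facing router), while an
    internal prefix is reached over a separate 'core' interface."""
    return Router(
        interfaces={"lan": Interface("lan", "192.0.2.1/24"),
                    "core": Interface("core", "198.51.100.1/30")},
        routes={"0.0.0.0/0": ("192.0.2.254", "lan"),
                "10.0.0.0/8": ("198.51.100.2", "core")},
    )


if __name__ == "__main__":
    r = build_sample_router()
    print(r.will_redirect("lan", "192.0.2.10", "203.0.113.5"))  # Internet-bound: True
    r.interfaces["lan"].ip_redirects = False                    # apply "no ip redirects"
    print(r.will_redirect("lan", "192.0.2.10", "203.0.113.5"))  # False
```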

Community Member

Re: Icmp Redirect question? (no ip redirects)

If you add the command No ICMP Redirects then there could be a performance impact felt by the client workstations if the Router that is currently sending the redirect messages is a busy one. All their traffic destined for the Internet would be first processed through this initial default Router as they would not be instructed (an ICMP redirect) to instead start sending their traffic directly to the Router that takes them to the Internet.

If the bulk of the traffic in this subnet is destined for the Internet, you may want to consider configuring the workstations' default gateway to be the Internet-facing Router rather than the current one. Just ensure that this Internet-facing Router is aware of all the other Router's routes first, and continue to leave ICMP redirects enabled on both. Ideally you would see far fewer redirect messages generated.

Hope this helps,

Craig Doyle

Community Member

Re: Icmp Redirect question? (no ip redirects)

Thanks for the information. I know that changing the default gateway to be the internet-facing router rather than the current one would be the best solution. Unfortunately this is not an option. I guess I will just create a rule in SNORT to not look for this message from the router's address.

Thanks for your help

Michael Howe
