Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
477
Views
0
Helpful
1
Replies

Controlling types of ICMP Unreachable generated by filtering routers

gbbromley
Level 1
Level 1

‎04-24-2002 11:00 PM - edited ‎03-08-2019 10:25 PM

As subject:

I want to be able to controll by ICMP code the types of ICMP Unreachable (Type 3) messages generated by a filtering router.

Scenario: BGP Peering routers to a web hosting infrastructure on the Internet, that want visibility of the path used via traceroute, however I dont want to advertise the fact that filtering is occuring by generating ICMP unreachable admin prohibtited or filtering prohibited.

I would also like to stay away from implementing outbound ACLs on the external interfaces just to control ICMP message generation.

Any other thoughts?

Labels:
0 Helpful
1 Reply 1

Philip D'Ath
VIP Alumni
VIP Alumni

‎04-29-2002 03:26 AM

Access lists would make it easier.

How about this for a compromise:

interface x/x

no ip unreachables

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents