
Determine Client infected using PIX??

gmcmanus93
Level 5

Caution: While using NAT with a limited number of IP addresses in the translation pool, the translations may not time out if the global address continues to receive traffic. This may happen even if this traffic is blocked by an access list. For more details, refer to Cisco Bug ID CSCec47609.

IOS can use NetFlow to determine which host is generating this ICMP traffic, and thus the infected machine. How can I do this with PIX? Will upgrading the IOS fix this, although I still need to determine which machine is generating the traffic? I used the access lists, but that is preventing network browsing across the VPN tunnel.

1 Reply

drolemc
Level 6

I'm not sure I understood your question correctly. The workaround for the PIX is included in the release notes itself. Dynamic PAT does not suffer from this limitation and the problem can be overcome by specifying one address for PAT in addition to the existing dynamic NAT pool.
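
The workaround described in the reply above, shown as an added configuration example that is not part of the original thread. It assumes PIX 6.x `nat`/`global` syntax; the NAT ID, interface names and 192.0.2.0/24 documentation addresses are constructed placeholders.

```text
: Constructed example. NAT ID 1, the interface names and all addresses
: are assumptions, not values from the thread.

: Before: dynamic NAT pool only. Each inside host needs its own pool
: address, so translations that never time out can exhaust the pool.
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 192.0.2.10-192.0.2.20 netmask 255.255.255.0

: After: the same pool plus one extra global address under the same NAT ID.
: A single-address global is used for PAT once the pool is used up.
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 192.0.2.10-192.0.2.20 netmask 255.255.255.0
global (outside) 1 192.0.2.21 netmask 255.255.255.0
```

After the change, `show xlate` lists the active translation slots, which shows whether hosts are being translated from the pool or through the PAT address.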
