Re: Does PIX Firewall can send reject packet with proper icmp un
I do not believe that it does. I have not come across any documentation that leads me to believe that it can, and Cisco's security best practices suggest that you turn the ICMP unreachables off on the IOS router code.
If you want the PIX to send reject frames, it can, but they will be TCP frames with the reset bit set, not ICMP unreachable frames.
The PIX service resetinbound (for 5.x and 6.x code) and service resetoutside (for 6.3 code) commands are used to accomplish that. They are off by default.
We have configured the outside and inside interfaces with official IPv6 addresses and set a default route on the outside interface to our router. We have also defined a rule, which also gets hits, to permit TCP from the inside interface to any6.
In Syslog I also se...