Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

%PIX-3-10601: Deny inbound (No Xlate) icmp

Hello,

I cannot find an adequate explanation of this error:

Nov 20 01:19:24 10.6.0.128 %PIX-3-106011: Deny inbound (No xlate) icmp src external:202.148.1.232 dst external:63.111.13.100 (type 3, code 1)

It occurs frequently, in a periodic series of errors, as if it is some kind of port scan.

Any thoughts?

1 REPLY
Cisco Employee

Re: %PIX-3-10601: Deny inbound (No Xlate) icmp

Jeffrey,

First go to Google and search for ICMP codes. Find a site that explains the ICMP codes and book mark it. It becomes a valuable reference when reading logs.

The type 3, code 1 message is "destination unreachable, host unreachable". It can come from many things, including a port scan. You should next try and figure out if the source or destination is in your network. WHy are you seeing this at the firewall? Is the source / destination always the same IP or a range of IPs?

Liberty for All,

Brian

196
Views
0
Helpful
1
Replies
CreatePlease login to create content