12-23-2003 07:27 AM - edited 02-20-2020 11:10 PM
Whether Pix support routemaps. How do I deny any PC/Port from access Pix. I have a situation in which one of my PC send continous ICMP packet to internet. I think it's virus I used to block this using Routemap in my router. Now how can I do this in my Pix 501 firewall. I tried denying ICMP packet at inside interface, but this icmp packet is coming across Pix as I can see it thro debug icmp command and hogging my Pix.
How to resolve the issue.
Thankx
12-23-2003 08:03 AM
Fix the pc. You know what pc it is. Go fix it.
12-23-2003 08:42 AM
Hi,
I have to agree with Matt on this one. Fix the pc first.
Regards,
Tom
12-23-2003 09:01 AM
It's my dial in clients. I asked them have anti-virus and latest patch. But still exist. What's the way to fix it
12-23-2003 12:38 PM
Hi,
to deny the icmp packets you should create an access-list using the 'access-list' command and apply that access-list to the interface where the packets are arriving at the pix. This 'applying' is done by using the 'access-group' command.
Here is an example that denies icmp echo request from inside to outside and allows all the other outbound traffic.
'access-list outgoing-traffic deny icmp host
'access-list outgoing-traffic permit ip any any'
'access-group outgoing-traffic in interface inside'
Kind Regards,
Tom
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: