Does the PIX support route-maps? How do I deny any PC/port from accessing the PIX? I have a situation in which one of my PCs sends continuous ICMP packets to the internet. I think it's a virus. I used to block this using a route-map on my router. Now how can I do this on my PIX 501 firewall? I tried denying ICMP packets at the inside interface, but these ICMP packets are coming across the PIX, as I can see through the debug icmp command, and they are hogging my PIX.
To deny the ICMP packets you should create an access list using the 'access-list' command and apply that access list to the interface where the packets are arriving at the PIX. This 'applying' is done by using the 'access-group' command.
Here is an example that denies ICMP echo requests from inside to outside and allows all the other outbound traffic.
'access-list outgoing-traffic deny icmp host <infected-PC-IP> any echo'
'access-list outgoing-traffic permit ip any any'
'access-group outgoing-traffic in interface inside'
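Once the access list above is applied, the deny entries can also be used to confirm which inside host is generating the echo requests. The following is an added example, not part of the original thread: a small Python parser that ranks inside sources by denied ICMP echo requests. It assumes syslog is enabled on the PIX and that denied packets are logged as message 106023; the sample lines, addresses and the function name are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample syslog lines (not from the thread), in the shape of
# message 106023, which is logged when an access-group denies a packet.
SAMPLE_LOG = """\
Mar 01 10:00:01 pix501 %PIX-4-106023: Deny icmp src inside:192.168.1.23 dst outside:203.0.113.9 (type 8, code 0) by access-group "outgoing-traffic"
Mar 01 10:00:01 pix501 %PIX-4-106023: Deny icmp src inside:192.168.1.23 dst outside:203.0.113.10 (type 8, code 0) by access-group "outgoing-traffic"
Mar 01 10:00:02 pix501 %PIX-4-106023: Deny icmp src inside:192.168.1.23 dst outside:198.51.100.7 (type 8, code 0) by access-group "outgoing-traffic"
Mar 01 10:00:02 pix501 %PIX-4-106023: Deny icmp src inside:192.168.1.23 dst outside:203.0.113.9 (type 8, code 0) by access-group "outgoing-traffic"
Mar 01 10:00:03 pix501 %PIX-4-106023: Deny icmp src inside:192.168.1.40 dst outside:198.51.100.7 (type 8, code 0) by access-group "outgoing-traffic"
Mar 01 10:00:04 pix501 %PIX-4-106023: Deny icmp src outside:198.51.100.7 dst inside:192.168.1.40 (type 8, code 0) by access-group "inbound"
Mar 01 10:00:05 pix501 %PIX-6-302013: Built outbound TCP connection 1234 for outside:198.51.100.7/80 (198.51.100.7/80) to inside:192.168.1.40/1025 (203.0.113.1/1025)
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
DENY_ICMP = re.compile(
    r"%(?:PIX|ASA)-4-106023: Deny icmp "
    rf"src (?P<sif>[^:\s]+):(?P<src>{IPV4}) "
    rf"dst (?P<dif>[^:\s]+):(?P<dst>{IPV4}) "
    r'\(type (?P<type>\d+), code (?P<code>\d+)\) by access-group "(?P<acl>[^"]+)"'
)

def echo_sources(log_text, acl="outgoing-traffic", ingress="inside"):
    """Rank sources by ICMP echo requests (type 8) denied by the given ACL.

    Returns a list of (source_ip, denied_count, distinct_destinations),
    highest count first. Lines for other ACLs, interfaces or ICMP types
    are ignored.
    """
    hits = Counter()
    dests = {}
    for line in log_text.splitlines():
        m = DENY_ICMP.search(line)
        if not m:
            continue
        if m["acl"] != acl or m["sif"] != ingress or m["type"] != "8":
            continue
        hits[m["src"]] += 1
        dests.setdefault(m["src"], set()).add(m["dst"])
    return [(src, n, len(dests[src])) for src, n in hits.most_common()]

if __name__ == "__main__":
    for src, count, ndst in echo_sources(SAMPLE_LOG):
        print(f"{src}: {count} denied echo requests to {ndst} destinations")
```

A host with a high denied count spread over many distinct destinations is the one to inspect for malware.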