Cisco Support Community

New Member

Whether Pix support routemap

Does the PIX support route-maps? How do I deny a PC/port from accessing the PIX? I have a situation in which one of my PCs sends continuous ICMP packets to the Internet. I think it's a virus. I used to block this using a route-map on my router. Now how can I do this on my PIX 501 firewall? I tried denying ICMP packets at the inside interface, but these ICMP packets are still coming across the PIX, as I can see through the debug icmp command, and hogging my PIX.

How do I resolve the issue?

Thanks

4 REPLIES
Silver

Re: Whether Pix support routemap

Fix the PC. You know what PC it is. Go fix it.

Re: Whether Pix support routemap

Hi,

I have to agree with Matt on this one. Fix the PC first.

Regards,

Tom

New Member

Re: Whether Pix support routemap

It's my dial-in clients. I asked them to have anti-virus and the latest patches, but it still exists. What's the way to fix it?

Re: Whether Pix support routemap

Hi,

To deny the ICMP packets, you should create an access list using the 'access-list' command and apply that access list to the interface where the packets arrive at the PIX. This 'applying' is done using the 'access-group' command.

Here is an example that denies ICMP echo requests from inside to outside and allows all other outbound traffic.

'access-list outgoing-traffic deny icmp host any echo'

'access-list outgoing-traffic permit ip any any'

'access-group outgoing-traffic in interface inside'

Kind Regards,

Tom
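
The first-match behaviour behind the three commands in the reply above, as an added example that is not part of the original post and not Cisco code: a small Python model of the access list, showing why the deny line has to come before `permit ip any any`. The address 192.0.2.10 is a constructed placeholder for the PC (the posted line has no address after `host`), and the function names are hypothetical.

```python
import ipaddress

# Constructed placeholder: the posted 'host' keyword has no address on the page.
INFECTED_PC = "192.0.2.10"

ACL = [
    f"access-list outgoing-traffic deny icmp host {INFECTED_PC} any echo",
    "access-list outgoing-traffic permit ip any any",
]

def parse_addr(tokens):
    """Consume 'any', 'host A' or 'A MASK' and return an ip_network."""
    if tokens[0] == "any":
        tokens.pop(0)
        return ipaddress.ip_network("0.0.0.0/0")
    if tokens[0] == "host":
        tokens.pop(0)
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    addr, mask = tokens.pop(0), tokens.pop(0)
    return ipaddress.ip_network(f"{addr}/{mask}")

def parse_ace(line):
    """Split one access-list line into (action, protocol, src, dst, icmp type)."""
    t = line.split()[2:]                      # drop 'access-list <name>'
    action, proto = t.pop(0), t.pop(0)
    src, dst = parse_addr(t), parse_addr(t)
    icmp_type = t.pop(0) if t else None       # e.g. 'echo'
    return action, proto, src, dst, icmp_type

def evaluate(acl, proto, src, dst, icmp_type=None):
    """Return the action of the first matching entry; no match means deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, a_proto, a_src, a_dst, a_type in map(parse_ace, acl):
        if a_proto not in ("ip", proto):      # 'ip' matches every protocol
            continue
        if s not in a_src or d not in a_dst:
            continue
        if a_type is not None and a_type != icmp_type:
            continue
        return action
    return "deny"                             # implicit deny ends every ACL

if __name__ == "__main__":
    dst = "198.51.100.1"                      # constructed outside address
    for pkt in [("icmp", INFECTED_PC, dst, "echo"), ("tcp", INFECTED_PC, dst),
                ("icmp", "192.0.2.11", dst, "echo")]:
        print(pkt, "->", evaluate(ACL, *pkt))
    print("reversed order ->",
          evaluate(ACL[::-1], "icmp", INFECTED_PC, dst, "echo"))
```
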
