Whether Pix support routemap

byju70 · ‎12-23-2003

Whether Pix support routemaps. How do I deny any PC/Port from access Pix. I have a situation in which one of my PC send continous ICMP packet to internet. I think it's virus I used to block this using Routemap in my router. Now how can I do this in my Pix 501 firewall. I tried denying ICMP packet at inside interface, but this icmp packet is coming across Pix as I can see it thro debug icmp command and hogging my Pix.

How to resolve the issue.

Thankx

mostiguy · ‎12-23-2003

Fix the pc. You know what pc it is. Go fix it.

tvanginneken · ‎12-23-2003

Hi,

I have to agree with Matt on this one. Fix the pc first.

Regards,

Tom

byju70 · ‎12-23-2003

It's my dial in clients. I asked them have anti-virus and latest patch. But still exist. What's the way to fix it

tvanginneken · ‎12-23-2003

Hi,

to deny the icmp packets you should create an access-list using the 'access-list' command and apply that access-list to the interface where the packets are arriving at the pix. This 'applying' is done by using the 'access-group' command.

Here is an example that denies icmp echo request from inside to outside and allows all the other outbound traffic.

'access-list outgoing-traffic deny icmp host any echo'

'access-list outgoing-traffic permit ip any any'

'access-group outgoing-traffic in interface inside'

Kind Regards,

Tom