Re: ICMP Traffic Thru The PIX...7.2 Code

From: Farrukh Haroon (farrukhharoon@gmail.com)
Date: Fri Mar 07 2008 - 01:25:59 ARST

• Next message: Jim Cheng: "3560 switch move flash directory"
• Previous message: Paul Borghese: "RE: RE: RE: Laptop for Dynamips"
• Maybe in reply to: Tim Curci: "ICMP Traffic Thru The PIX...7.2 Code"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Dear Tim

I don't think this is possible on the PIX/ASA. You can only match on ICMP
Types and not on Codes. Ironically this can be done on IOS Routers; thought
firewalls are supposed to be more secure.... as security is their primary
function.

Oh well :)

Regards

Farrukh

On Fri, Mar 7, 2008 at 2:04 AM, Tim Curci <timcurci@roadrunner.com> wrote:

> I am trying to permit ONLY ICMP Type 3 Code 4 [Destination Unreachable,
> Fragmentation Needed and Don't Fragment was Set] traffic thru a PIX 535
> running 7.2 code . Does anyone have any ideas?
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Jim Cheng: "3560 switch move flash directory"
• Previous message: Paul Borghese: "RE: RE: RE: Laptop for Dynamips"
• Maybe in reply to: Tim Curci: "ICMP Traffic Thru The PIX...7.2 Code"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue Apr 01 2008 - 07:53:52 ART