Solved

PIX configuration: enable ICMP type 3 code 4 from outside

Posted on 2005-04-06
Last Modified: 2013-11-29
I'm a newbie to CISCO PIX firewalls. My problem is to allow ICMP packages of type 3 code 4 (defragmentation needed) from a specific DSL router to the internal network interface. The following line should allow ICMP type 3 packages - does this allow all subtypes or maybe just code 0 or 1?

PIX1#icmp permit host 192.168.1.3 unreachable outside

How can I specify the type a little bit more specific? Thanks for any help.

Kind regards,
Marc
Question by:mw-solutions

Accepted Solution

by:
gpriceee earned 150 total points
ID: 13716238
"to allow ICMP packages of type 3 code 4 (defragmentation needed)"
icmp permit xxxxxxxxxxx unreachable is type 3 and all subtypes

"from a specific DSL router to the internal network interface"
icmp permit xxxxxxxxxxxxxxxxxxxx outside does NOT permit the packets to the inside interface

"How can I specify the type a little bit more specific"
You have specified the type; there is no command for the sub-type.

icmp permit host 192.168.1.3 unreachable inside

The issue I see with this--unless you're using this to maintain a VPN--is that hopefully you've simply replaced the IP address of the DSL router with the non-routable 192.168.1.3. If not, you need to replace the 192.168.1.3 with the public address of the DSL router: the external interface address.
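
The practical effect of a type-level match, as an added example that is not part of the original thread and does not talk to a PIX: it parses constructed ICMP messages and compares what a rule keyed on type 3 alone admits with what a type 3 / code 4 match would admit, including the next-hop MTU that the code 4 message carries (RFC 1191). All function names and sample messages are illustrative assumptions.

```python
import struct

# ICMP type 3 (destination unreachable) codes from RFC 792 and RFC 1812.
UNREACH_CODES = {0: "net unreachable", 1: "host unreachable",
                 2: "protocol unreachable", 3: "port unreachable",
                 4: "fragmentation needed and DF set", 5: "source route failed",
                 13: "communication administratively prohibited"}

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp(icmp_type: int, code: int, next_hop_mtu: int = 0) -> bytes:
    """Constructed sample message: 8-byte header plus 28 placeholder bytes
    standing in for the quoted IP header and first 8 payload bytes."""
    body = struct.pack("!BBHHH", icmp_type, code, 0, 0, next_hop_mtu)
    body += b"\x45" + b"\x00" * 27
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]

def parse_icmp(msg: bytes) -> dict:
    if len(msg) < 8:
        raise ValueError("truncated ICMP header")
    if inet_checksum(msg) != 0:
        raise ValueError("bad ICMP checksum")
    icmp_type, code, _csum, _unused, mtu = struct.unpack("!BBHHH", msg[:8])
    frag_needed = (icmp_type, code) == (3, 4)
    # RFC 1191: the next-hop MTU field is only defined for type 3 code 4.
    return {"type": icmp_type, "code": code,
            "name": UNREACH_CODES.get(code, "other") if icmp_type == 3 else None,
            "next_hop_mtu": mtu if frag_needed else None}

def admitted(messages, type_only: bool) -> list:
    """Messages passed by a type-level match (type 3, any code) versus a
    type-and-code match (type 3, code 4 only)."""
    out = []
    for m in messages:
        p = parse_icmp(m)
        if p["type"] == 3 and (type_only or p["code"] == 4):
            out.append(p)
    return out

if __name__ == "__main__":
    sample = [build_icmp(3, c) for c in (0, 1, 3, 13)]  # constructed samples
    sample += [build_icmp(3, 4, 1492), build_icmp(8, 0)]
    for p in admitted(sample, type_only=True):
        print(p)
```
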