Solved

How to block icmp messages with a cisco router

Posted on 2011-03-17
3
958 Views
Last Modified: 2012-05-11
We have some hosts or a host that seems to disconnect all the vpn client on my network.

I took a look at the server logs and here what is shows

22116      11:01:17.531532      MY_IP      DEST_IP      TCP      53025 > pptp [SYN]
Seq=0 Win=8192 Len=0 MSS=1460 WS=2 TSV=4447122 TSER=0

So it seems that some clients seend some icmp destination unreachable on the server. The server somehow close all the connections.

Is it possible to block those icmp send messages with a cisco 800 series.

Like deny icmp all all ? Is it going to work ??

Thanks
0
Comment
Question by:caclement
  • 2
3 Comments
 
LVL 17

Expert Comment

by:Kvistofta
ID: 35163053
What you see in the logs is not icmp-traffic, it is tcp-traffic to your pptp-port (1723). Unless you use pptp-based vpn you can simply block all incoming pptp-traffic.

access-list YOURINBOUNDACL deny tcp any SERVERIP eq 1723.

Best regards
Kvistofta
0
 

Accepted Solution

by:
caclement earned 0 total points
ID: 35191129
My messages dont show all the log and the wireshark packets, but i realy want to block sent icmp packets. I want to allow the PPTP and GRE tunels. Some bugged PPTP clients send some ICMP destination unreachable to remote  poptop and pptp linux server wich i do not own and control. The server close all the connection simultaneously.

I added the following ACL

access-list 101 deny icmp any any

It seems to works.
0
 

Author Closing Comment

by:caclement
ID: 35225383
access-list 101 deny icmp any any Blocks any ICMP sent messages.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
High Receive Utilization on my Cisco 3560 V2 10 60
Cisco Sup720 Migrate to Sup2T 5 55
PCAnywhere 2 97
Changing external IP address on Cisco 1921 Router 1 45
If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

914 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now