[c-nsp] Can pix generate ICMP redirects??
David Prall
dcp at dcptech.com
Fri Jul 15 22:11:12 EDT 2005
Have had this issue before. The PIX will not send an ICMP redirect. It is a
firewall, not a router. It also won't turn the traffic around either, in one
interface out another never the same (of course 7.0 changes this a little).
You could make the interface dot1q, and make the second vlan a dmz interface
and turn the traffic around on the PIX.
David
--
David C Prall dcp at dcptech.com http://dcp.dcptech.com
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Joe McGuckin
> Sent: Friday, July 15, 2005 8:27 PM
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] Can pix generate ICMP redirects??
>
> We have a subnet connected to our internal lan via a router
> and rather than
> pass all traffic thru the router, I want to put a static
> route on the pix
> pointing to the router for the subnets it routes to.
>
> This of course assumes that the PIX will generate ICMP
> redirects, which it
> does not seem to be doing.
>
> Is there a command to make it behave correctly?
>
> Thanks,
>
> Joe
>
> --
>
> Joe McGuckin
>
> ViaNet Communications
> 994 San Antonio Road
> Palo Alto, CA 94303
>
> Phone: 650-213-1302
> Cell: 650-207-0372
> Fax: 650-969-2124
>
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
More information about the cisco-nsp
mailing list