https://community.cisco.com/t5/network-security/pix-shun-command/m-p/455063#M558322 <HTML><HEAD></HEAD><BODY><P>Hello Mohan,</P><P></P><P>As far as i remember from PIX documentation shun command blocking all traffic originated from IP.</P><P>So all the rest of command is ignored.</P><P>The PIX shun command always shuns the source address regardless of whether or not the additional connection information is provided.</P><P></P><P>I think in this case better to use access-list statements.</P><P></P><P>Alex</P><P></P><P></P><P></P></BODY></HTML> Sat, 14 May 2005 09:57:24 GMT alexr 2005-05-14T09:57:24Z https://community.cisco.com/t5/network-security/pix-shun-command/m-p/455062#M558320 <P>Hello Guys,</P><P></P><P>This command is not working as expected.I configured;</P><P></P><P>pix(config)# shun 172.16.5.100 144.10.55.1 0 23 tcp</P><P>Shun 172.16.5.100 successful</P><P>pix(config)#</P><P></P><P>This command blocks all traffic from 172.16.5.100 to "all" destinations. My understanding is that it should only block traffic from 17.16.5.100 to 144.10.55.1 destined for telnet port, 23. But it blocks all traffic originated from 172.16.5.100, including ICMP.</P><P></P><P>Any thoughts? </P><P></P><P>TIA,</P><P>Mohan</P><P></P> Fri, 21 Feb 2020 08:08:27 GMT https://community.cisco.com/t5/network-security/pix-shun-command/m-p/455062#M558320 m.mohanasundaram 2020-02-21T08:08:27Z https://community.cisco.com/t5/network-security/pix-shun-command/m-p/455063#M558322 <HTML><HEAD></HEAD><BODY><P>Hello Mohan,</P><P></P><P>As far as i remember from PIX documentation shun command blocking all traffic originated from IP.</P><P>So all the rest of command is ignored.</P><P>The PIX shun command always shuns the source address regardless of whether or not the additional connection information is provided.</P><P></P><P>I think in this case better to use access-list statements.</P><P></P><P>Alex</P><P></P><P></P><P></P></BODY></HTML> Sat, 14 May 2005 09:57:24 GMT https://community.cisco.com/t5/network-security/pix-shun-command/m-p/455063#M558322 alexr 2005-05-14T09:57:24Z https://community.cisco.com/t5/network-security/pix-shun-command/m-p/455064#M558325 <HTML><HEAD></HEAD><BODY><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_command_reference_chapter09186a00801cd841.html#wp1026366" target="_blank">http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_command_reference_chapter09186a00801cd841.html#wp1026366</A></P></BODY></HTML> Sat, 14 May 2005 16:23:30 GMT https://community.cisco.com/t5/network-security/pix-shun-command/m-p/455064#M558325 a.alekseev 2005-05-14T16:23:30Z