Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
907
Views
0
Helpful
2
Replies

icmp type 11 code 0 cause pix 7 to deny traffic

dragec
Level 1
Level 1

‎07-27-2005 09:58 PM - edited ‎02-21-2020 12:18 AM

Is it possible that icmp type 11 code 0 cause pix to drop traffic?

After

%PIX-3-313001: Denied ICMP type=11, code=0 from x.x.x.6 on interface

inside

access list denies traffic it otherwise passes

0 Helpful
2 Replies 2

umedryk
Level 5
Level 5

‎08-02-2005 09:50 AM

When using the icmp command with an access list, if the first matched entry is a permit entry, the ICMP packet continues processing. If the first matched entry is a deny entry or an entry is not matched, the firewall discards the ICMP packet and generates this syslog message. The icmp command enables or disables pinging to an interface. With pinging disabled, the firewall cannot be detected on the network. This feature is also referred to as configurable proxy pinging.

0 Helpful

dragec
Level 1
Level 1
In response to umedryk

‎08-02-2005 12:00 PM

Problem is that I am using IPSEC tunnels, cca 10 peers. And everything is working ok for 8 12, sometimes for 24 hours. And then tunnels are ... kind of half open. When I look in log all I can see is that ICMP deny message and 10 seconds after fw starts to denies UDP (500), ISAKMP traffic from peers. This is the only what I can see, first that ICMP and 10 secs after problems.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card