Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
420
Views
0
Helpful
1
Replies

PIX Service Command

vmolinaro
Level 1
Level 1

‎07-04-2004 11:48 PM - edited ‎02-20-2020 11:29 PM

Hi,

I'm not clear on the difference between the resetinbound|resetoutside options in the Service command and how I should use one in preference to the other. It would be great if someone could provide a simple explanation.

What I want to do is for the firewall to send back a TCP RST for any TCP SYNs that are rejected by ACL.

Is it possible to configure the firewall to DROP send back an ICMP reponse (e.g. ICMP DESTINATION UNREACHABLE) instead of DROP and TCP RST? Or would this be considered a security risk?

Can anyone shed some light?

Vito

0 Helpful
1 Reply 1

mvoight
Level 1
Level 1

‎07-05-2004 02:47 PM

resetinbound is used to send a TCP reset to denied inbound connections. The default behavior would be to just drop it.

resetoutside is used to terminate denied connections that end at the least secure interface (outside interface)

The difference between the 2 is that resetinbound would send Resets for denied traffic for all interfaces and resetoutside only does it for the outside (least secure) interface

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card