Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
475
Views
0
Helpful
2
Replies

PIX 'shun' command

m.mohanasundaram
Level 1
Level 1

‎05-14-2005 01:58 AM - edited ‎02-21-2020 12:08 AM

Hello Guys,

This command is not working as expected.I configured;

pix(config)# shun 172.16.5.100 144.10.55.1 0 23 tcp

Shun 172.16.5.100 successful

pix(config)#

This command blocks all traffic from 172.16.5.100 to "all" destinations. My understanding is that it should only block traffic from 17.16.5.100 to 144.10.55.1 destined for telnet port, 23. But it blocks all traffic originated from 172.16.5.100, including ICMP.

Any thoughts?

TIA,

Mohan

0 Helpful
2 Replies 2

alexr
Level 1
Level 1

‎05-14-2005 02:57 AM

Hello Mohan,

As far as i remember from PIX documentation shun command blocking all traffic originated from IP.

So all the rest of command is ignored.

The PIX shun command always shuns the source address regardless of whether or not the additional connection information is provided.

I think in this case better to use access-list statements.

Alex

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card