ICMP redirect problem

MagellanTX
Level 1

Hello,

I have a 3640 set up as a VLAN RP with my servers on one VLAN, workstations on another, and finally the PIX on one more. Everything works great except when one of my workstations tries to hit the static address (from the PIX) for one of my servers. The server (or router) is sending an ICMP redirect and my workstation gets the internal IP address. Normally this wouldn’t be a problem, but when it does this I cannot access any of the services on my server (www, smtp, etc.). I have ICMP redirects turned off on all my router interfaces and even the switch, but it’s still redirecting. Am I missing something? Is there another way to turn this off?

Incidentally, the ICMP redirect cache on the router is empty, and I even disabled the ICMP redirect on the servers and my test workstation, but it is still redirecting.

Thanks for the help!!!

Btw, I know it’s a waste of traffic to go out the PIX just to come in the static, but in this case I need to test it.

2 Replies

Hello,

I might be totally off here, but if your server is a Windows server, try to disable ICMP redirects on the server as follows:

"You can disable ICMP redirects, to prevent a denial of service attack, by using Regedt32 to navigate to:

HKEY_LOCAL_MACHINE\System\Currentcontrolset\Services\Tcpip\Parameters

On the Edit menu, Add Value name EnableICMPRedirects, a type REG_DWORD entry, and set the data value to 0. A data value of 1 enables ICMP redirects."

Regards,

GP

www.solutionfinders.nl

a.awan
Level 4

What do you mean when you say that one of your workstations tries to hit a static address from the PIX? Do you mean a workstation trying to access a public IP address mapped to an internal private address?

From your description it seems as if servers, workstations, and the PIX are all in different subnets. I do not understand how ICMP redirects can come into play in this scenario.

Just to make one thing clear, the PIX will not allow you to send traffic out the same interface it was received at. This means that you basically cannot access a public address (configured as static) on a PIX pointing back to an internal address from the internal interface. I think the problem you are experiencing is because of this PIX limitation rather than ICMP redirects.
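
Whether redirects are involved at all, and which device is emitting them, can be settled from a packet capture taken on the workstation. The following is an added example, not part of any post in this thread: it decodes a raw IPv4 packet and, if it is an ICMP redirect (type 5), reports who sent it and which gateway it points to. The function names and every address in the sample data are constructed for illustration.

```python
import socket
import struct

REDIRECT_CODES = {0: "network", 1: "host", 2: "tos+network", 3: "tos+host"}

def parse_icmp_redirect(packet: bytes):
    """Return details of an ICMP redirect (type 5) in a raw IPv4 packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4              # IP header length in bytes
    if ihl < 20 or packet[9] != 1 or len(packet) < ihl + 8:
        return None                           # not ICMP, or truncated
    if packet[ihl] != 5:
        return None                           # some other ICMP type
    code = packet[ihl + 1]
    info = {
        "sent_by": socket.inet_ntoa(packet[12:16]),        # device issuing the redirect
        "sent_to": socket.inet_ntoa(packet[16:20]),        # host being redirected
        "code": REDIRECT_CODES.get(code, f"unknown({code})"),
        "use_gateway": socket.inet_ntoa(packet[ihl + 4:ihl + 8]),
    }
    inner = packet[ihl + 8:]                  # header of the packet that triggered it
    if len(inner) >= 20:
        info["original_src"] = socket.inet_ntoa(inner[12:16])
        info["original_dst"] = socket.inet_ntoa(inner[16:20])
    return info

def ipv4_header(src, dst, proto, payload_len):
    """Build a minimal IPv4 header for the constructed samples (checksum left 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

# Constructed sample data: every address below is made up for illustration.
WORKSTATION, ROUTER, NEW_GW, MAPPED = "192.168.20.10", "192.168.20.1", "192.168.20.2", "203.0.113.5"
trigger = ipv4_header(WORKSTATION, MAPPED, 6, 8) + bytes(8)
redirect = struct.pack("!BBH4s", 5, 1, 0, socket.inet_aton(NEW_GW)) + trigger
SAMPLE_REDIRECT = ipv4_header(ROUTER, WORKSTATION, 1, len(redirect)) + redirect
SAMPLE_ECHO = ipv4_header(WORKSTATION, ROUTER, 1, 8) + struct.pack("!BBHHH", 8, 0, 0, 1, 1)

if __name__ == "__main__":
    for name, pkt in (("redirect", SAMPLE_REDIRECT), ("echo", SAMPLE_ECHO)):
        print(name, parse_icmp_redirect(pkt))
```

The input is expected to start at the IPv4 header, so any link-layer framing from the capture has to be stripped first. If no packet in the capture yields a result, the workstation is not receiving redirects and the cause lies elsewhere.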