Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
1124
Views
0
Helpful
2
Replies

Can a router/switch reply back an "no route to host" for blocked traffic?

jennyjohn
Level 1
Level 1

ā€Ž04-19-2011 09:54 PM - edited ā€Ž03-06-2019 04:42 PM

I have an microsoft exchange server that is creating CAPI2 error messages because internet tests are failing. Internet access for the exchange server is blocked on the firewall.

Microsoft Explanation:

This problem occurs because the affected computer cannot reach the  following Microsoft Web site:

http://crl.microsoft.com/pki/crl/products/CSPCA.crl (http://crl.microsoft.com/pki/crl/products/CSPCA.crl)

RESOLUTION

To resolve this problem, you have the following options: Exchange  server does no...

To resolve this problem, you have the following options:

  • Exchange  server does not have to have a connection to the Internet. It just needs to  have routers that do not send packets into a black hole. The CRL check is timing  out because it never receives a response. If a router were to send a ā€œno route  to hostā€ ICMP packet or similar error instead of just dropping the packets, the  CRL check would fail right away, and the service would start. You can add an  entry to crl.microsoft.com in the hosts file or on the DNS server and send the  packets to a legitimate location on the network, such as 127.0.0.1, which will  reject the connection. To do this, use a text editor to open the  Windows\system32\drivers\etc\host file, and then add the following entry:

crl.microsoft.com 127.0.0.1

----------------------------------------------------------------------------------------------------------------------

What can I do to get the router to send a "no route to host" ICMP back to the server instead of just dropping it?

Thanks in advance.

Labels:
0 Helpful
2 Replies 2

cadet alain
VIP Alumni
VIP Alumni

ā€Ž04-20-2011 12:10 AM

Hi,

What can I do to get the router to send a "no route to host" ICMP back to the server instead of just dropping it?

if we look at the proposed solution:  nothing  But why not simply permit the communication?

For a router to send a no route to host ICMP message as the name implies it must lack a route to destination host. and  IMHO you won't be able to do this without disrupting connectivity with internet.

Regards.

Alain.

Don't forget to rate helpful posts.
0 Helpful

hobbe
Level 7
Level 7

ā€Ž04-20-2011 12:44 AM

Actually if you add an access-list to a cisco switch if the access-list blocks the traffic if I do not remember wrong it will send you an icmp error message.

And thats what you want right ?

But why not just redirect it to 127.0.0.1 like the article says ?

would that not be easier ?

Good luck

HTH

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card