cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
191
Views
0
Helpful
1
Replies

Working with ICMP

gchevalley
Beginner
Beginner

Is there a way to protect a network from the malicious use of ICMP without breaking PathMTU or disabling ping and traceroute?  I usually do not add the no ip unreachables command on interfaces within my inside network but do have it on all of my interfaces on the internet facing routers.  I already have an infrastructure ACL on my BGP interface set to deny all icmp packets but that is applied in the IN direction only.  I'm doing a review of the config in preperation for routine maintenance and looking for some ideas. 

1 Reply 1

smitesh kharecha
Contributor
Contributor

Hi,

 

You might want to try Zone Base Firewall and only allow ICMP which ever are generated within the network.

 

HTH,

Smitesh

 

Please rate helpful posts...

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers