Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
343
Views
0
Helpful
1
Replies

Working with ICMP

gchevalley
Level 1
Level 1

‎10-04-2013 09:25 PM - edited ‎03-07-2019 03:51 PM

Is there a way to protect a network from the malicious use of ICMP without breaking PathMTU or disabling ping and traceroute?  I usually do not add the no ip unreachables command on interfaces within my inside network but do have it on all of my interfaces on the internet facing routers.  I already have an infrastructure ACL on my BGP interface set to deny all icmp packets but that is applied in the IN direction only.  I'm doing a review of the config in preperation for routine maintenance and looking for some ideas. 

Labels:
0 Helpful
1 Reply 1

smitesh kharecha
Level 5
Level 5

‎03-10-2014 04:18 AM

Hi,

 

You might want to try Zone Base Firewall and only allow ICMP which ever are generated within the network.

 

HTH,

Smitesh

 

Please rate helpful posts...

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card