Working with ICMP

Is there a way to protect a network from the malicious use of ICMP without breaking PathMTU or disabling ping and traceroute? I usually do not add the no ip unreachables command on interfaces within my inside network but do have it on all of my interfaces on the Internet-facing routers. I already have an infrastructure ACL on my BGP interface set to deny all ICMP packets, but that is applied in the IN direction only. I'm doing a review of the config in preparation for routine maintenance and looking for some ideas.

1 REPLY

Hi,

You might want to try Zone-Based Firewall and only allow whichever ICMP is generated within the network.

HTH,

Smitesh

 

Please rate helpful posts...
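
A minimal sketch of the Zone-Based Firewall approach suggested in the reply, added here as an example and not taken from either poster's configuration. The zone names, class-map and policy-map names, and interface names are assumptions.

```cisco
! Added example; zone, class-map, policy-map and interface names are assumptions.
zone security INSIDE
zone security OUTSIDE
!
! ICMP that inside hosts originate (ping, traceroute probes).
class-map type inspect match-any CM-INSIDE-ICMP
 match protocol icmp
!
! Other traffic inside hosts are allowed to originate.
class-map type inspect match-any CM-INSIDE-OTHER
 match protocol tcp
 match protocol udp
!
policy-map type inspect PM-INSIDE-TO-OUTSIDE
 class type inspect CM-INSIDE-ICMP
  inspect
 class type inspect CM-INSIDE-OTHER
  inspect
 class class-default
  drop
!
! Only an INSIDE -> OUTSIDE pair is defined. Replies that belong to an
! inspected session are returned statefully. With no OUTSIDE -> INSIDE
! zone-pair, ICMP initiated from the outside toward inside hosts is dropped.
zone-pair security ZP-INSIDE-OUTSIDE source INSIDE destination OUTSIDE
 service-policy type inspect PM-INSIDE-TO-OUTSIDE
!
interface GigabitEthernet0/0
 description Inside LAN (assumed interface)
 zone-member security INSIDE
!
interface GigabitEthernet0/1
 description Internet-facing link (assumed interface)
 zone-member security OUTSIDE
```

Traffic addressed to the router itself belongs to the self zone and is not covered by this zone-pair, so the existing infrastructure ACL still applies there. Confirm on a lab device that traceroute and Path MTU discovery behave as expected on your release before the maintenance window.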
