Re: PIX7.x/ASA and icmp redirects
- From: roberson@xxxxxxxxxxxx (Walter Roberson)
- Date: Wed, 19 Apr 2006 05:01:39 GMT
In article <4445baab$1@xxxxxxxxxxxxxxxxxxxxx>,
Tosh <mbasc@xxxxxxxxxxxxx> wrote:
Anyone knows if cisco has added the capability of sending icmp redirects to
internal users in Pix7.x and asa appliances?
I'm not certain, but for the PIX at least, I would find it quite
unlikely. The PIX is designed not to allow packets to go back out
the same interface they came in on [*], and the RFC requirements that
go with support for ICMP Redirect require that the packet be
passed along (though the Redirect message itself need not always
be sent.)
[*] Exception: in PIX 7.x, there is an option to allow the
packet through provided that at least one component of the path
is a VPN tunnel... in which case it would never be the -same- packet
that went back out on the interface.
.
- Follow-Ups:
- Re: PIX7.x/ASA and icmp redirects
- From: Tosh
- Re: PIX7.x/ASA and icmp redirects
- References:
- PIX7.x/ASA and icmp redirects
- From: Tosh
- PIX7.x/ASA and icmp redirects
- Prev by Date: Re: PIX 525, how many interfaces?
- Next by Date: PIX 506E (6.3) MTU trouble
- Previous by thread: PIX7.x/ASA and icmp redirects
- Next by thread: Re: PIX7.x/ASA and icmp redirects
- Index(es):
Relevant Pages
|
