On my Edge Router I have an Access list for ICMP as follows:
access-list 103 permit icmp any any time-exceeded
access-list 103 permit icmp any any port-unreachable
access-list 103 deny icmp any any
access-list 103 deny icmp any 0.0.0.0 255.255.255.0
access-list 103 deny icmp any 0.0.0.255 255.255.255.0
access-list 103 deny icmp any any redirect
On the PIX Firewall, I have the Following:
access-list acl_outside extended permit icmp any any echo-reply
access-list acl_outside extended permit icmp any any time-exceeded
access-list acl_outside extended permit icmp any any unreachable
In my PIX log I get hundreds of the following:
%PIX-6-302020: Built ICMP connection for faddr 82.160.189.125/0 gaddr A.B.C.D/0 laddr 10.10.3.10/0
%PIX-6-302021: Teardown ICMP connection for faddr 83.79.179.113/0 gaddr A.B.C.D/0 laddr 10.10.3.10/0
The Address A.B.C.D/0 laddr 10.10.3.10/0 has been caught using a Sharing program. I've turned off Port 6346/6347 on the Edge Router, but I'm still getting the Built and Teardowns.
I would like to be able to initiate a ping out from the 10.1.1.0/24, but not from anywhere else, and would like to not allow anyone to ping us.
What should I change?
Thanks, Scott
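
An added example, not part of the original post: a small Python tally of the %PIX-6-302020 messages quoted above, counting Built ICMP connections per local and foreign address and listing local hosts outside 10.1.1.0/24, the only subnet the post wants pinging out. The log lines in SAMPLE are constructed in the post's message format, and the function names are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Subnet the post wants to be the only source of outbound pings.
ALLOWED_SOURCES = ipaddress.ip_network("10.1.1.0/24")

# Matches the 302020 (Built) message format shown in the post.
# Addresses are matched loosely so redacted values like A.B.C.D still parse.
BUILT_RE = re.compile(
    r"%PIX-6-302020: Built ICMP connection for "
    r"faddr (?P<faddr>[^/\s]+)/\d+ gaddr (?P<gaddr>[^/\s]+)/\d+ "
    r"laddr (?P<laddr>[^/\s]+)/\d+"
)

def in_allowed(addr, allowed=ALLOWED_SOURCES):
    """True if addr is a valid IP inside the allowed subnet."""
    try:
        return ipaddress.ip_address(addr) in allowed
    except ValueError:  # redacted or malformed address
        return False

def summarize(lines, allowed=ALLOWED_SOURCES):
    """Count Built ICMP connections per laddr and faddr; list hosts outside allowed."""
    per_laddr, per_faddr = Counter(), Counter()
    for line in lines:
        m = BUILT_RE.search(line)
        if not m:  # Teardown (302021) and unrelated messages are skipped
            continue
        per_laddr[m["laddr"]] += 1
        per_faddr[m["faddr"]] += 1
    offenders = sorted(h for h in per_laddr if not in_allowed(h, allowed))
    return per_laddr, per_faddr, offenders

# Constructed sample lines (documentation-range foreign addresses).
SAMPLE = [
    "%PIX-6-302020: Built ICMP connection for faddr 198.51.100.7/0 gaddr A.B.C.D/0 laddr 10.10.3.10/0",
    "%PIX-6-302021: Teardown ICMP connection for faddr 198.51.100.7/0 gaddr A.B.C.D/0 laddr 10.10.3.10/0",
    "%PIX-6-302020: Built ICMP connection for faddr 203.0.113.9/0 gaddr A.B.C.D/0 laddr 10.10.3.10/0",
    "%PIX-6-302020: Built ICMP connection for faddr 203.0.113.9/0 gaddr A.B.C.D/0 laddr 10.1.1.25/0",
]

if __name__ == "__main__":
    per_laddr, per_faddr, offenders = summarize(SAMPLE)
    print("Built ICMP per local host:", dict(per_laddr))
    print("Built ICMP per foreign host:", dict(per_faddr))
    print("Local hosts outside", ALLOWED_SOURCES, ":", offenders)
```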