ICMP Redirect on an ASA

Recently we upgraded our old FreeBSD firewall to a Cisco ASA5520 and I noticed that ASA does not generate ICMP Redirects if it is used as the "default router" or gateway for a network.

This is a problem in any network that has multiple subnets connected by multiple routers and the ASA is configured as the default router. The obvious solution is to add a default route to the firewall on your routers and set the "default gateway" on your hosts to the router but in my case the routers were really old with a horrible pps (packets per seconds) processing rate and didn't want to give them any more work than they already had.

Posted by Reeve Ramharry in General, Security Comments: (0) Trackbacks: (0)

Trackbacks

Trackback specific URI for this entry

No Trackbacks

Comments

Display comments as (Linear | Threaded)

No comments

Add Comment

Name

Homepage

In reply to

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.

Standard emoticons like :-) and ;-) are converted to images.

E-Mail addresses will not be displayed and will only be used for E-Mail notifications

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA

Enter the string from the spam-prevention image above:

Remember Information?
Subscribe to this entry

Tips, tricks and articles about Cisco products...

Categories

Quicksearch

Authors

Archives

Syndicate

ICMP Redirect on an ASA