Should I block ICMP on my edge router or my firewall?

Originally, we were blocking ICMP traffic on our border router (2811), but recently we moved this block to the firewall (ASA) instead. I have been informed that blocking on the router would cause too much overhead, since it would then have to inspect all traffic, and that the firewall is better equipped for this.

What is the industry standard? Is that what Cisco recommends?

Something like this, although I recommend that you post this on the firewall forum for confirmation.

! deny non-initial ICMP fragments
access-list 101 deny icmp any any fragments
! permit "destination unreachable" messages
access-list 101 permit icmp any any 3
! permit "time exceeded" messages
access-list 101 permit icmp any any 11
! permit "source quench" messages
access-list 101 permit icmp any any 4
! permit "parameter problem" messages
access-list 101 permit icmp any any 12
! permit "echo reply" messages
access-list 101 permit icmp any any 0
! deny all other ICMP
access-list 101 deny icmp any any

You could consider tightening the destination unreachable entry too. It would look like this for each type and code that you want to allow:

! permit "destination unreachable - port unreachable" messages
access-list 101 permit icmp any any 3 3

See here:

http://www.IANA.org/assignments/ICMP-parameters
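An added example (not from the thread or from Cisco) that parses the answer's ACL 101 into first-match rules and checks which ICMP messages get through, comparing it with the tightened type 3 / code 3 variant from the follow-up; the ACE parser and the sample packets are constructed here and cover only the syntax used above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# ACL 101 from the answer above; the tightened variant replaces the broad
# type-3 entry with "port unreachable" only (type 3, code 3).
ACL_101 = """
access-list 101 deny icmp any any fragments
access-list 101 permit icmp any any 3
access-list 101 permit icmp any any 11
access-list 101 permit icmp any any 4
access-list 101 permit icmp any any 12
access-list 101 permit icmp any any 0
access-list 101 deny icmp any any
"""
ACL_101_TIGHT = ACL_101.replace("permit icmp any any 3\n", "permit icmp any any 3 3\n")

ACE = re.compile(r"access-list \d+ (permit|deny) icmp any any"
                 r"(?: (\d+))?(?: (\d+))?(?: (fragments))?$")

@dataclass
class Rule:
    action: str
    icmp_type: Optional[int]  # None matches any type
    icmp_code: Optional[int]  # None matches any code
    fragments: bool           # True: matches non-initial fragments only

def parse_acl(text: str) -> List[Rule]:
    """Parse the subset of IOS extended-ACL syntax used on this page."""
    rules = []
    for raw in text.strip().splitlines():
        m = ACE.match(raw.strip())
        if not m:
            raise ValueError(f"unsupported ACE: {raw!r}")
        action, t, c, frag = m.groups()
        rules.append(Rule(action, int(t) if t else None,
                          int(c) if c else None, frag is not None))
    return rules

def evaluate(rules: List[Rule], icmp_type: int, icmp_code: int = 0,
             non_initial_fragment: bool = False) -> str:
    """First match wins. A non-initial fragment has no ICMP header, so it can
    only match the 'fragments' ACE or an ACE with no type/code qualifier."""
    for r in rules:
        if r.fragments:
            if non_initial_fragment:
                return r.action
            continue
        if non_initial_fragment and r.icmp_type is not None:
            continue
        if r.icmp_type is not None and r.icmp_type != icmp_type:
            continue
        if r.icmp_code is not None and r.icmp_code != icmp_code:
            continue
        return r.action
    return "deny"  # implicit deny at the end of every IOS ACL

# Constructed sample packets: (label, type, code, non-initial fragment?)
SAMPLES = [
    ("echo request 8/0", 8, 0, False),      # inbound ping
    ("echo reply 0/0", 0, 0, False),        # reply to our own ping
    ("port unreachable 3/3", 3, 3, False),  # needed by traceroute / UDP apps
    ("host unreachable 3/1", 3, 1, False),  # only the broad ACL admits this
    ("time exceeded 11/0", 11, 0, False),   # traceroute hops
    ("non-initial fragment", 0, 0, True),
]

def verdicts(acl_text: str) -> dict:
    rules = parse_acl(acl_text)
    return {label: evaluate(rules, t, c, f) for label, t, c, f in SAMPLES}
```

Running `verdicts(ACL_101)` and `verdicts(ACL_101_TIGHT)` side by side shows that the only difference is host unreachable (3/1), which the broad entry admits and the tightened one drops.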

Tags: Cisco Security

Similar Questions

  • E3000 won't handshake with the edge router

    Recently, I bought a new E3000. I set the E3000 up with the edge router using a static IP address rather than DHCP, which seemed to fail with the same IP address and DNS. The laptops associated with the E3000 have their own IPs, which differ from the IP address of the border router. The E3000 is configured with minimum firewall protection for now. The reason for the minimum protection was to get the handshake between the two routers. The border router is a Verizon product. The old router I was using was a Netgear, which did handshake with the edge router. I have the latest firmware for the E3000 (firmware version 1.0.04, build 6). The router will not handshake over wired or wireless connections. The laptop used to connect to the E3000 is running Windows 7 Ultimate.  In fact, all laptops here use the same OS and connect wirelessly. I've tried the software package provided on the site, which included a diagnostic that apparently could not solve the problem either. I have no idea why the E3000 will not handshake with the edge router. Can you make a few suggestions? Thank you to all those who respond.

    What is the IP address of the Verizon router? What you write suggests that the Verizon router uses 192.168.1.1. If this is the case, set up the E3000 as a simple Ethernet switch/access point as follows:

    1. Disconnect the E3000 from the Verizon router.
    2. Wire a single computer to the E3000.
    3. Open the web interface at http://192.168.1.1/ (or whatever IP address you have set on it now).
    4. On the main configuration page, make sure that your internet connection type is set to "auto/DHCP".
    5. On the same page, set the LAN IP address to 192.168.1.2.
    6. On the same page, disable the DHCP server.
    7. Save the settings.
    8. Unplug the computer and wire one of the numbered LAN ports of the E3000 to your Verizon router.

    That's all. Now you can use the E3000 as an access point, and you can use the remaining 3 LAN ports for wired devices.

  • Difference b/w PIX & router (router with the firewall option)

    Hi all

    I want to know how we can differentiate a router (router with the firewall option) from a PIX, because the router can also do stateful packet filtering. What does the PIX device have that would make the customer use a PIX instead of the router?

    Thank you and best regards,

    Guelma

    Hello

    There is a discussion in this forum on this topic; check "Firewalling: PIX vs IOS Firewall"; the last post was on January 10, 2006. Let me know if it helps.

    Rgrds,

    Haitham

  • DMVPN router behind a firewall

    Hi all

    I would like to know if a DMVPN router works behind a virtual firewall.

    We use ISR routers

    ISR router (spoke) --> virtual firewall --> WAN <-- ISR

    Please advise

    Hi Jocelyn

    Nice to meet you here as well...

    Yes, you are right. All you have to do is open the ports for DMVPN traffic, and also the NAT if the firewall is also performing NAT.

  • Blocking ICMP never works on ASA 8.6

    Hi all

    I tried to put this in my ACL

    access-list outside_access_in line 1 extended deny icmp any any echo

    and wrote it to flash.

    But I can still ping my IP address.  My ASA version is 8.6.

    Thanks for any comments that you can add.

    The access-list applied with access-group applies to traffic through the ASA, not to traffic to the ASA itself.  To block ICMP to the ASA, use an icmp deny ... statement instead.

    -Jim Leinweber, WI State Lab of hygiene

  • Deadlock tutorial: it should not block at all

    The deadlock tutorial consists of two threads and two objects of the Friend class: alphonse and gaston.

    Let's call the threads Ta and Tg.

    Ta starts by calling: alphonse.bow(gaston)
    Tg starts by calling: gaston.bow(alphonse)

    So two threads call the same method 'bow' on separate objects. No conflict.

    Ta then calls gaston.bowBack; likewise, Tg calls alphonse.bowBack.

    So the two threads call bowBack; this may or may not be at different times, and the calls may or may not overlap.

    The threads then call "bowBack" on each object. Again, this should avoid any conflict. BUT for some reason it doesn't, and that
    is what the tutorial says. Well, it doesn't matter that each thread calls the same method; they are separate objects.
    This is also the case when Ta and Tg call 'bow' - same method, different objects.
    SO WHY should the threads block when the 'same method, different objects' call is for bowBack?

    WHAT AM I MISSING HERE? I seem to have completely missed the point of the example.
    As I understand it, two threads are unable to enter a synchronized method of the same object. So we should avoid a conflict in the tutorial's example.
    Can someone explain what's wrong with my reasoning?

    Posted by: 838238 on February 20, 2011 13:12

    To put it another way, if we have two completely different objects (i.e. the data they contain are completely different) and two threads attempt to enter the same method but operate on different objects, we have a deadlock.

    No. Deadlock occurs when two or more locks are acquired in different orders by two or more threads. It can occur in Java only if you use locks or synchronization. It has nothing to do with the methods per se.

    Given that the threads do not operate on the same data set, it seems unnecessary to have synchronized methods in the first place, unless the threads enter the methods of the same object.

    The deadlock proves that they are blocking on the same object.

    So in summary, the "synchronized" keyword requires a very strict lock on a method, even if the threads do not share the same object/data.

    False.

    It does not seem necessary.

    That is incorrect. Your comments on what is locked are at fault.

  • How do I make my C# Windows application trusted so that it is not blocked by antivirus applications, and how do I get a third-party certificate for that?

    Hello

    I built a Windows C# application that accesses OS and printer information using WMI queries, monitors keyboard strokes globally via the Win32 API, and calls other executables of ours too.

    Whenever I try to deploy it to our customers' computers, it gets blocked by antivirus applications.

    I want to make my application approved, meaning that it shouldn't be blocked by antivirus applications.

    How do I get a trusted certificate for my application? I am even ready to make my application a registered product.

    Kindly let me know the procedures and solutions.

    Thank you

    Senthilkumar AK


    This issue is beyond the scope of this site and should be posted on TechNet or MSDN

    http://social.msdn.Microsoft.com/forums/en-us/home

  • Should a full Port-channel be blocking?

    I had a topology.

    Everything has been properly configured; I verified all port channels work on all switches... all hosts can talk to each other in their respective VLANs.

    I had trunks on all links between all switches.

    My show etherchannel summary indicates the Port-channel is GOOD:

    SW1#show etherchannel summary
    Flags:  D - down        P - bundled in port-channel
            I - stand-alone s - suspended
            H - Hot-standby (LACP only)
            R - Layer3      S - Layer2
            U - in use      f - failed to allocate aggregator
            u - unsuitable for bundling
            w - waiting to be aggregated
            d - default port

    Number of channel-groups in use: 2
    Number of aggregators:           2

    Group  Port-channel  Protocol    Ports
    ------+-------------+-----------+----------------------------------------------
    1      Po1(SU)         LACP      Gig0/1(P)   Gig0/2(P)

    However, you will notice that the two Gigabit ports (Port-channel 1 on this switch) are ORANGE... which means BLOCKED... and this was verified when I ran show spanning-tree on this switch.

    Is this supposed to happen?

    Yes. Even if these links were green, your LACP port-channel would still give you a loop, so it is blocked because you have more links (aggregate bandwidth) between the other switches, which allows more transmission between them.

  • Edge router with CUCM / TelePresence SX10 / TelePresence Server / Mikrotik / TelePresence Conductor

    Hello

    I have a client with 15 sites connected with Mikrotik RouterBoards.

    I have questions about implementing, in this network, a video-conferencing solution with:

    15 TelePresence SX10, one for each site

    CUCM

    Cisco TelePresence Server

    Cisco TelePresence Conductor

    The CUCM, TelePresence Server and Conductor will be installed at the main site.

    Thank you

    Yes, I also prefer this option if you go in the CUCM direction, because it is already included as an option in the CUCM licenses (Cisco multiparty license) and has lower costs.

    Kind regards

    Acevirgil

  • Should the reports on the dashboard page limit the selection based on the prompt?

    Hello everyone


    I have a requirement where I need to create reports based on survey questions. There are 6 tables, and the survey questions are repeated in all 6 tables; assume that overall I created 70 reports based on these survey questions. I have to integrate all 70 reports into a single dashboard page, and on the same page I have to create 6 radio buttons, each button being the name of a table. How can I achieve this?

    The next question is: when we choose one radio button option, the reports on the page should be limited and show only the reports related to that table?


    Please, someone help me with that and answer me with a valid solution.


    Thank you and best regards,

    Laeticia.

    It feels kind of weird that you have created 70 separate analyses rather than a smaller number with a little more intelligent filtering.

    Anyway, you can do this by putting conditions on the sections of the dashboard page. Depending on your selections in the prompts, this can hide and show the corresponding sections.

    That said, the page will be a nightmare, and you'll need 70 conditions, so don't think it will go well. Maybe take a step back and think about whether you really need 70 separate analyses. If you do... good luck with creating this page; it should be fun.

    C.

  • modem router VPN hardware firewall - config possible?

    We have 2 remote employees having difficulties with their VPN client software turning off/on.  We were preparing to roll out VoIP phones to them and don't want to open up our internal PBX network.  I would like to kill 2 birds with 1 stone by providing a hardware VPN to each employee to establish a gateway-to-gateway IPsec VPN between their home and the main office.  This should provide a more reliable connection and higher throughput, while allowing the VoIP phone to connect through the VPN tunnel, thus keeping our internal PBX secure.  So far so good.  From what I can tell, the RV120W, RV220W or Cisco ASA 5505 would do the trick.  Now the difficulty: I don't want any personal traffic (Netflix streaming, whatever) from home travelling through the VPN tunnel.  So I would like to allow the employee to maintain their own personal network, and within the personal network the hardware VPN device would provide a secondary network that would use the VPN tunnel.

    It would look like this:

    Internet:

    wireless router: (dynamic public IP, 192.168.1.x private subnet)

    personal computer

    laptop

    networked television, etc.

    hardware VPN device: (WAN IP 192.168.1.1, private subnet 192.168.2.x), IPsec VPN tunnel to the main office (must use the main office's internal DNS)

    VoIP phone (192.168.2.1)

    Desktop computer (192.168.2.2)

    Seems simple to me, but I'm concerned about going through two NATs.  Looks like this would be the preferred configuration for a home desktop that shares a single internet connection.  Found an old Cisco product that was aligned to this specific scenario, the Cisco VPN 3002, but it is end of life.

    I'm also a bit wary of the Cisco RV line of routers given the poor consumer reviews.  Considering the Zyxel Zywall USG 20 as an alternative.

    The RV120W and RV220W support split-tunnel site-to-site VPN, so all the "cluttered" traffic would remain local to the home networks while the VPN traffic goes exactly where it should.

    You can consider installing one of the routers listed above in the homes to avoid the double NAT or additional purchases. The VPN device is not practical given that the expense of a gateway-to-gateway VPN router is fairly low.

    -Tom

  • Router VPN, where to place?

    I have a Cisco ASA doing NAT.

    I have a 2801 for VPN.

    Should I place the external interface of the router outside the firewall and the internal interface of the router in the DMZ of the ASA, with IOS doing the firewalling on the outside... or place the external interface of the router in the ASA DMZ and the internal interface of the router on the internal network, then do a one-to-one NAT for the external interface of the router on the ASA? If I do the 2nd option, will I have headaches with NAT and IPsec tunnels? More precisely, if I want to protect the servers with public NAT IP addresses in a DMZ instead of private ones so I don't overlap LANs...?

    Thank you!

    In my suggestion, the encrypted IPsec traffic will go to DMZ-1 to the router, and then after it is decrypted it will go to the router's inside interface, then to the ASA dmz-2, and finally to the ASA inside interface to the private network.

    It is good for security but has a couple of disadvantages: as you mentioned, it will demand higher performance from the firewall, and it will consume more public IP addresses and interfaces.

    As I suggested before,

    and as is also suggested by several Cisco courses and security design templates,

    it's better to divide your network into security layers,

    so when you put the router in front of the firewall, it will be considered the perimeter router, and at this point you can allow only known-good traffic (called the security policy model) and also terminate the VPN on it, so the VPN will be decrypted before the firewall (the same idea as yours), while the VPN traffic will be exposed to the firewall for inspection; for example, inspection requests for extra packets beyond the filtering done on the perimeter router, or maybe it will be sent to the AIP-SSM IPS firewall module for signature inspection (called the signature model, which denies unfamiliar traffic).

    This is also part of security in depth in the deployment.

    Thank you, and please rate useful posts.

  • Can't I use a WRT610N as a bridge or an AP?

    Inherited this WRT610N from someone and want to deploy it in a pre-existing LAN (172.21.1.x) with an existing DHCP server.

    Can I use the "Internet" port if I assign a static IP on my local network and create a new DHCP scope (192.168.1.x) for wireless clients?

    1. You cannot use the WRT610N as a wireless bridge. The WRT does not connect to other wireless access points.

    2. You can configure the WRT the way you suggested. This will create separate LANs. Your existing local network will not be able to access the WRT LAN, but the WRT LAN can access your main LAN.

    3. You can configure the WRT the way you suggested and disable NAT on the WRT if your main router is able to NAT additional IP subnets other than its own LAN subnet (for example, you can tell your main router to NAT addresses 192.168.1.*). With NAT disabled on the WRT, you will need to add a static route for 192.168.1.0/255.255.255.0 to the static IP address of your WRT in your 172.21.1.* network. In addition, the computers in your existing LAN should either have the same static route installed or should accept ICMP redirects from your main router. With this configuration, the WRT LAN is routed from your main LAN, i.e. computers are able to connect to each other. But it is still a separate broadcast domain, which means things like standard Windows workgroup name resolution will not work, as that is based on LAN broadcasts.

    4. You can configure the WRT as an Ethernet switch and simple access point. Keep the internet settings on DHCP. Set a LAN IP address inside your main LAN (172.21.1.*), with the same subnet mask as your existing LAN (if possible). Stop the DHCP server on the WRT. Now connect one of the WRT LAN ports to your existing LAN. Do not use the internet port of the WRT. Now you have connected the AP inside the WRT directly to your LAN without going through all the routing functions of the WRT. You only have a single LAN now, and anything can connect to the rest of your LAN.

  • How to block an IP address with a WRVS4400N router?

    I have kept an eye on my IPS report tab lately and have observed a large number of ICMP_SMURF and DoS attacks from Chinese IP addresses.  I know that I can probably block the offending IPs through the IP ACL tab under the firewall settings, but I'm kind of a newbie.

    Can anyone show an example of how I can block certain IP addresses on my router?

    Hmm. Honestly: if you have difficulties implementing this through this very simple and straightforward web interface, you should either not do it at all (or you may cause more of a problem than doing nothing) or have someone else who knows these things do it for you...

    You create a new rule:

    Action: Reject
    Service: ALL
    Log: not checked
    Log prefix: empty
    Source interface: WAN
    Source: Single - the internet IP address that should be blocked
    Destination: ANY
    Schedule: default, i.e. at any time.

    That's all.

    The default allow-everything rule should then appear as rule 2 in the ACL table. If not, you will need to add a 2nd rule allowing all traffic, as the default rule does. Rules are evaluated in order until a match is found.

  • Router firewall does not block traffic

    Hello

    I use the VMware View 4.6 client at home.  I can authenticate and connect to a Windows 7 image, but only a black screen appears.  After about 30 seconds it disconnects with the error "the connection to the remote computer has ended."

    If I disable my Billion router's firewall, the Windows 7 virtual machine appears and everything works as expected.  I tried port forwarding 4172 and 5002 but it still does not work.  Then I tried port forwarding 50000 to 65000, as I saw various ports from 50456 to 64652 in the firewall logs.  TCP and UDP are enabled in both cases, but no luck.

    Here is the part of the firewall log:

    04 August 23:01:38 home.gateway:firewall:info: 476378.910 blocked Prot = 17, 192.168.1.1:56143 > 10.100.200.1:137 - default defense

    04 August 23:01:38 home.gateway:firewall:info: 476378.910 blocked Prot = 17, 192.168.1.1:52771 > 10.100.200.1:137 - default defense

    04 August 23:01:38 home.gateway:firewall:info: 476378.910 blocked Prot = 17, 192.168.1.1:64632 > 10.100.200.1:137 - default defense

    192.168.1.1 is my computer and 10.100.200.1 is my domain controller from work.

    I then tried to create a packet filtering rule to allow 4172, then 50000 to 65000, but nothing worked.  Disabling the router's firewall or selecting its low security setting is the only way to get it to work.  The default medium security setting blocks the traffic.

    The router is a Billion 7301 VGP.  Any advice would be much appreciated.  Thank you.

    Hello

    I'm sorry, I'm not familiar with this particular modem; however, I had something similar on my DrayTek at home. Mine would connect for a few seconds and then stop working.

    I discovered that it was because the DoS settings on my modem had been set to protect against UDP floods. I was able to disable that part of the DoS security settings and then it worked OK.

    Maybe it's the same thing you are having problems with. I have no port forwarding in my configuration, and I'm sure I didn't leave any rules set up; all incoming traffic is blocked.

    I hope this helps.

    See you soon

    Phil

    [Edit]

    Just checked: I have 32111 TCP outgoing (USB redirect) and also 4172 TCP/UDP outgoing (PCoIP). Nothing, nothing allowed for incoming traffic.
