how to enable icmp (traceroute) through firewall

Unanswered Question
Jun 22nd, 2008

Hi all, on my asa, how do i let icmp pass through it, does it allow it via default ? from inside to outside ?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jason Fraioli Sun, 06/22/2008 - 17:00

try the following ACL for icmp

access-list [named_acl] permit icmp [inside] [outside]

Edit: I don't think firewalls permit any traffic by default.

vsaavedra Mon, 06/23/2008 - 20:24

You will need to allow the icmp type specific to traceroute from outside.

access-list out_in extended permit icmp any any tracertroute

access-list out_in extended permit icmp any any unreachable

also you'll probably need these commands

icmp permit any traceroute outside

icmp permit any unreachable outside

Actions

This Discussion