cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3696
Views
0
Helpful
2
Replies

how to enable icmp (traceroute) through firewall

carl_townshend
Spotlight
Spotlight

Hi all, on my asa, how do i let icmp pass through it, does it allow it via default ? from inside to outside ?

2 Replies 2

Jason Fraioli
Level 3
Level 3

try the following ACL for icmp

access-list [named_acl] permit icmp [inside] [outside]

Edit: I don't think firewalls permit any traffic by default.

vsaavedra
Level 1
Level 1

You will need to allow the icmp type specific to traceroute from outside.

access-list out_in extended permit icmp any any tracertroute

access-list out_in extended permit icmp any any unreachable

also you'll probably need these commands

icmp permit any traceroute outside

icmp permit any unreachable outside

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco