inspect icmp

Unanswered Question
Sep 19th, 2008

While we are on the topic: whenever I add the "fix protocol icmp" command on a version 8.0 ASA 5520, my telnet session to the inside will no longer work. Is there any way around that?

robertson.michael Fri, 09/19/2008 - 13:34

The 'fixup protocol' commands were used in PIX 6.x code. In ASA 7.x and 8.x, this functionality has moved to the MPF.

To enable ICMP inspection in ASA 8.x, your config would look something like this:

class-map inspection_default
 match default-inspection-traffic
!
policy-map global_policy
 class inspection_default
  inspect icmp
!
service-policy global_policy global

Also, for telnet access to the inside interface, you'll want to configure something like this:

telnet <ip_address> <netmask> inside

Hope that helps.

-Mike

cisco24x7 Fri, 09/19/2008 - 17:26

You still CAN enter "fixup protocol ftp 21" on Pix 7.x and 8.x code. It will automatically convert into Modular Policy Framework (MPF) for you.

I didn't try "fixup protocol icmp" in version 8.x because my Pix firewall crashed but I think it will work as well.
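
An added example, not part of either reply above and not Cisco code: a small Python check that reads a saved configuration and reports whether `inspect icmp` is defined under a policy-map class and actually applied by a `service-policy`, along with any leftover PIX 6.x `fixup` lines. The function name, the result keys and both sample configurations are constructed for illustration.

```python
def audit_inspection(config_text, protocol="icmp"):
    """Keyword-based audit; tolerates lost indentation and stray blank lines."""
    legacy, defined, applied = [], [], {}
    policy_map = class_name = None
    for raw in config_text.splitlines():
        tokens = raw.split()
        if not tokens:
            continue
        head = tokens[0]
        if head == "!":                          # "!" separates config blocks
            policy_map = class_name = None
        elif head == "fixup":                    # PIX 6.x syntax, pre-MPF
            legacy.append(" ".join(tokens))
        elif head == "policy-map":
            # Only "policy-map NAME" is tracked; "policy-map type inspect ..."
            # maps are not applied directly by service-policy.
            policy_map = tokens[1] if len(tokens) == 2 else None
            class_name = None
        elif head in ("class-map", "service-policy"):
            policy_map = class_name = None
            if head == "service-policy" and len(tokens) >= 3:
                applied[tokens[1]] = " ".join(tokens[2:])  # "global" / "interface X"
        elif policy_map and head == "class" and len(tokens) == 2:
            class_name = tokens[1]
        elif policy_map and class_name and tokens == ["inspect", protocol]:
            defined.append((policy_map, class_name))
    active = [(pm, cls, applied[pm]) for pm, cls in defined if pm in applied]
    return {"legacy_fixup": legacy, "defined": defined, "active": active}

# Constructed sample inputs, not taken from a real device.
MPF_CONFIG = """\
class-map inspection_default
 match default-inspection-traffic
!
policy-map global_policy
 class inspection_default
  inspect icmp
!
service-policy global_policy global
"""
UNAPPLIED_CONFIG = """\
fixup protocol ftp 21
policy-map global_policy
 class inspection_default
  inspect icmp
"""
if __name__ == "__main__":
    for name, cfg in (("mpf", MPF_CONFIG), ("unapplied", UNAPPLIED_CONFIG)):
        print(name, audit_inspection(cfg))
```

An empty `active` list with a non-empty `defined` list means the inspection is configured but no `service-policy` applies it.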
