inspect icmp

Sep 19th, 2008

While we are on the topic: whenever I add the "fix protocol icmp" command on version 8.0 ASA 5520, my telnet session to the inside will no longer work. Is there any way around that?

jjohnston1127 Fri, 09/19/2008 - 10:13

What happens if you put in the command:

management-access inside

robertson.michael Fri, 09/19/2008 - 13:34

The 'fixup protocol' commands were used in PIX 6.x code. In ASA 7.x and 8.x, this functionality has moved to the MPF.

To enable ICMP inspection in ASA 8.x, your config would look something like this:

class-map inspection_default
 match default-inspection-traffic
!
policy-map global_policy
 class inspection_default
  inspect icmp
!
service-policy global_policy global

Also, for telnet access to the inside interface, you'll want to configure something like this:

telnet <ip_address> <netmask> inside

Hope that helps.


cisco24x7 Fri, 09/19/2008 - 17:26

You still CAN enter "fixup protocol ftp 21" on Pix 7.x and 8.x code. It will automatically convert into Modular Policy Framework (MPF) for you.

I didn't try "fixup protocol icmp" in version 8.x because my Pix firewall crashed but I think it will work as well.
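
An added example, not part of any poster's reply and not Cisco tooling: a Python check over a saved configuration that confirms `inspect icmp` is reachable through the class, policy-map and service-policy chain from the MPF reply above, and lists any leftover `fixup protocol` lines. The sample configuration and the function names are constructed for illustration.

```python
import re

# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """\
fixup protocol ftp 21
class-map inspection_default
 match default-inspection-traffic
!
policy-map global_policy
 class inspection_default
  inspect dns
  inspect icmp
!
service-policy global_policy global
"""

def parse_policy_maps(config):
    """Return {policy_map: {class_name: [inspected protocols]}}."""
    maps, pmap, cls = {}, None, None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):
            # Any top-level line (including "!") closes the open block.
            pmap = cls = None
            m = re.match(r"policy-map (\S+)$", line)
            if m:
                pmap = m.group(1)
                maps[pmap] = {}
        elif pmap and line.startswith("class "):
            cls = line.split()[1]
            maps[pmap][cls] = []
        elif pmap and cls and line.startswith("inspect "):
            maps[pmap][cls].append(line.split()[1])
    return maps

def audit_inspection(config, protocol="icmp"):
    """Report whether `inspect <protocol>` is in a policy-map that is actually applied."""
    maps = parse_policy_maps(config)
    applied = re.findall(r"^service-policy (\S+) (global|interface \S+)$", config, re.M)
    # An inspect line only takes effect if its policy-map is bound by a service-policy.
    active = [(pm, cls, scope) for pm, scope in applied
              for cls, protos in maps.get(pm, {}).items() if protocol in protos]
    legacy = re.findall(r"^fixup protocol .+$", config, re.M)
    return {"inspected": bool(active), "where": active, "legacy_fixup": legacy}

if __name__ == "__main__":
    print(audit_inspection(SAMPLE_CONFIG))
```
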

