inspect icmp

Unanswered Question
Sep 19th, 2008

While we are on the topic. Whenever I add the "fix protocol icmp" command on version 8.0 ASA 5520, my telnet session to the inside will no longer work. Is there any way around that?

jjohnston1127 Fri, 09/19/2008 - 10:13

What happens if you put in the command:


management-access inside


robertson.michael Fri, 09/19/2008 - 13:34

The 'fixup protocol' commands were used in PIX 6.x code. In ASA 7.x and 8.x, this functionality has moved to the MPF.


To enable ICMP inspection in ASA 8.x, your config would look something like this:


class-map inspection_default
 match default-inspection-traffic
!
policy-map global_policy
 class inspection_default
  inspect icmp
!
service-policy global_policy global


Also, for telnet access to the inside interface, you'll want to configure something like this:


telnet inside


Hope that helps.


-Mike
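
A way to check a saved ASA configuration for what the answer above describes, added here as an example and not code from any poster or from Cisco: it confirms that "inspect icmp" sits in a policy-map that a "service-policy" line actually binds, and lists any lines still in the "fixup protocol" form. The sample configuration and all function names are constructed for illustration.

```python
import re

# Constructed sample of an ASA 8.x configuration fragment (not taken from the thread).
SAMPLE_CONFIG = """\
class-map inspection_default
 match default-inspection-traffic
!
policy-map global_policy
 class inspection_default
  inspect ftp
  inspect icmp
!
policy-map unused_policy
 class inspection_default
  inspect icmp
!
service-policy global_policy global
"""

def parse_policy_maps(config):
    """Return {policy-map name: {class name: [inspect arguments]}}."""
    maps, pmap, cls = {}, None, None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):      # any top-level line closes the open block
            pmap = cls = None
            # "policy-map type inspect ..." maps have extra tokens and are skipped
            m = re.match(r"policy-map (\S+)$", line)
            if m:
                pmap = maps.setdefault(m.group(1), {})
        elif pmap is not None and line.startswith("class "):
            cls = pmap.setdefault(line.split()[1], [])
        elif cls is not None and line.startswith("inspect "):
            cls.append(line[len("inspect "):])
    return maps

def applied_policies(config):
    """Return {policy-map name: 'global' or interface name} from service-policy lines."""
    found = re.findall(r"^service-policy (\S+) (global|interface \S+)$", config, re.M)
    return {name: scope.replace("interface ", "") for name, scope in found}

def icmp_inspection_scopes(config):
    """Scopes where 'inspect icmp' is configured and bound by a service-policy."""
    maps, applied = parse_policy_maps(config), applied_policies(config)
    return sorted(scope for name, scope in applied.items()
                  if any("icmp" in inspects for inspects in maps.get(name, {}).values()))

def legacy_fixup_lines(config):
    """Lines still written in the PIX 6.x 'fixup protocol' form."""
    return re.findall(r"^fixup protocol .*$", config, re.M)
```

An empty result from icmp_inspection_scopes means ICMP inspection is either not configured or sits in a policy-map that no service-policy applies, as with unused_policy in the sample.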

cisco24x7 Fri, 09/19/2008 - 17:26

You still CAN enter "fixup protocol ftp 21" on Pix 7.x and 8.x code. It will automatically convert into Modular Policy Framework (MDF) for you.

I didn't try "fixup protocol icmp" in version 8.x because my Pix firewall crashed but I think it will work as well.


