Specific ACL ICMP rules - ASA 8.0(3)

Unanswered Question
Feb 20th, 2009

Hi,

I'm trying to write some specific ICMP rules but finding it very difficult and don't understand where I'm going wrong.

I have the following rule in my access-list:

access-list INSIDE-ACL extended permit icmp host 10.101.133.20 10.101.196.0 255.255.255.0 echo-reply

At the end of the access-list I have a permit IP ANY ANY log rule (just as a test to see which line the ICMP is picked up on). Don't worry, this isn't a production box!!!!

The ICMP packet never hits the rule and is always permitted by the “IP ANY ANY”.

Feb 20 2009 10:00:54 HOSTNAME: %ASA-4-106100: access-list INSIDE-ACL permitted icmp inside/10.101.133.20(8) -> outside/10.101.196.195(0) hit-cnt 1 first hit

The above log proves my access-list... Where am I going wrong??????
