Specific ACL ICMP rules - ASA 8.0(3)

Unanswered Question
Feb 20th, 2009


I'm trying to write some specific ICMP rules but finding it very difficult and don't understand where I'm going wrong.

I have the following rule with my access-list:

access-list INSIDE-ACL extended permit icmp host echo-reply

At the end of the access-list I have a permit IP ANY ANY log rule (just as a test to see which line the ICMP is picked up on). Don't worry, this isn't a production box!

The ICMP packet never hits the rule and is always permitted by the “IP ANY ANY”.

Feb 20 2009 10:00:54 HOSTNAME: %ASA-4-106100: access-list INSIDE-ACL permitted icmp inside/ -> outside/ hit-cnt 1 first hit

The above log proves my access-list... Where am I going wrong?
