I'm trying to write some specific ICMP rules but finding it very difficult and don't understand where I'm going wrong.
I have the following rule with my access-list:
access-list INSIDE-ACL extended permit icmp host 10.101.133.20 10.101.196.0 255.255.255.0 echo-reply
At the end of the access-list I have a permit IP ANY ANY log rule (just as a test to see which line the ICMP is picked up on). Don't worry, this isn't a production box!!!!
The ICMP packet never hits the rule and is always permitted by the "IP ANY ANY".
Feb 20 2009 10:00:54 HOSTNAME: %ASA-4-106100: access-list INSIDE-ACL permitted icmp inside/10.101.133.20(8) -> outside/10.101.196.195(0) hit-cnt 1 first hit
The above log proves my access-list... Where am I going wrong??????