ICMP Error

Unanswered Question
Apr 27th, 2010
User Badges:

Hello,


Recently I have been getting the following error message;


Denied ICMP type=8, code=0 from 10.3.70.113 on interface inside


Any Idea's how to resolve this?


Thanks


Tahir

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jennifer Halim Tue, 04/27/2010 - 03:16
User Badges:
  • Cisco Employee,

I assume that you are trying to ping the inside interface of the ASA firewall?


If that is the case,  you need to configure the following:


icmp permit any inside


OR/ if you need to be more specific you can configure the following:


icmp permit 10.3.70.113 255.255.255.255 inside

tahirs001 Tue, 04/27/2010 - 03:24
User Badges:

Hi Halijenn,


This is happening automatically, ICMP has been disabled. This error is generating quite frequently from various IP's


Tahir

Jennifer Halim Tue, 04/27/2010 - 03:26
User Badges:
  • Cisco Employee,

The error is generated because as you advised icmp is disabled, hence you are getting the error on "deny" icmp echo.

tahirs001 Tue, 04/27/2010 - 03:31
User Badges:

This has just started to happen, ICMP has been disabled when we upgraded.


Will an access-list have triggered this off?


Tahir

Jennifer Halim Tue, 04/27/2010 - 03:34
User Badges:
  • Cisco Employee,

The error is triggered because you disable icmp, if you enable icmp, you will not see that error.


The error says "deny" the icmp packet, because you have disabled icmp after upgrade as you said.

Actions

This Discussion