Performance issue after allowing ICMP in traffic rule

Aug 18th, 2010

Hi All,

Today I am facing a new problem in the NAC environment. As per the Cisco documents, I allowed all mentioned ports, fragments and ICMP to the DCs, but after enabling ICMP the desktop PC hangs at the "Applying computer settings" stage. If I disable the ICMP rule we don't have this issue.

If anyone has any idea regarding this issue, please share it with me.

Here is the config:

Priority 8
Action Allow    Block
State Enabled    Disabled
Category ALL TRAFFIC IP IP FRAGMENT
Protocol CUSTOM.. TCP UDP ICMP ESP AH
Type ALL dst_unreachable echo echo_reply info_request info_request_reply parameter_problem redirect source_quench time_exceeded time_stamp time_stamp_reply
Untrusted (IP/Mask:Port)    /   :     (ex: "*", "21,1024-1100", "1024-65535")
Trusted (IP/Mask:Port)    /   :     (ex: "*", "21,1024-1100", "1024-65535")
Bandwidth
Description

Thank you

Laxman

Faisal Sehbai Fri, 08/20/2010 - 22:26

Laxman,

This rule you pasted is allowing all traffic. Were you having issues even after opening up all traffic to DCs?

Faisal

blaxucisco Sun, 08/22/2010 - 15:48


Faisal,

Sorry for the wrong snapshot; here is the exact snapshot of my config.

Thank you

Laxman
