Port forward inbound ICMP (for nagios monitoring)

Answered Question
Sep 6th, 2010

Can you port forward inbound ICMP connections on an ASA firewall?

There doesn't appear to be the option to do this. Only tcp or udp.

fw1(config)# static (INSIDE,OUTSIDE) ?

configure mode commands/options:
  Hostname or A.B.C.D  Global or mapped address
  interface            Global address overload from interface
  tcp                  TCP to be used as transport protocol
  udp                  UDP to be used as transport protocol

I suspect I'm going to need to configure a site-to-site VPN with the monitoring environment, and allow monitoring of the internal hosts over the tunnel?

Correct Answer by Kureli Sankar about 6 years 5 months ago

That is correct. ICMP does not use ports, so this is not possible.

You may want to do 1-1 static instead if you have an available IP address to spare.

You can read the RFC here: http://www.faqs.org/rfcs/rfc792.html


Overall Rating: 5 (1 ratings)
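
A sketch of the one-to-one static suggested in the answer, added here as an example and not taken from the original thread. It assumes the pre-8.3 syntax shown in the question; the addresses are constructed placeholders from documentation ranges and the ACL name OUTSIDE_IN is hypothetical.

```cisco
! Added example (pre-8.3 ASA syntax, matching the static command in the question).
! Constructed placeholder addresses:
!   198.51.100.10  spare public address (mapped)
!   10.0.0.10      internal host to be monitored (real)
!   192.0.2.50     Nagios server
!
! One-to-one static NAT: with no tcp/udp keyword the whole address is
! translated, so ICMP is covered as well.
static (INSIDE,OUTSIDE) 198.51.100.10 10.0.0.10 netmask 255.255.255.255
!
! Permit only echo requests, and only from the monitoring server.
! In pre-8.3 syntax the ACL references the mapped (public) address.
access-list OUTSIDE_IN extended permit icmp host 192.0.2.50 host 198.51.100.10 echo
!
! Bind the ACL to the outside interface. If an ACL is already applied there,
! add the permit line to that ACL instead; an interface takes one inbound ACL.
access-group OUTSIDE_IN in interface OUTSIDE
!
! Verification (exec mode): the translation exists and the ACL entry counts hits.
show xlate
show access-list OUTSIDE_IN
```

Scoping the permit to the single monitoring source and to echo keeps the translated host from answering pings from the rest of the Internet.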

