icmp issue

Answered Question
Oct 1st, 2010
Hello,

I have an issue with the outside interface traffic. This error appears continuously on the log server:

Deny icmp src Internet:213.221.90.107 dst inside:212.6.X.X (type 3, code 1) by access-group "100" [0x0, 0x0]

dst inside 212.6.X.X corresponds to the outside interface.

In ACL number 100 I only have a rule for access to the public web server. This IP is different from the outside public interface.

access-list 100 extended permit tcp any host 212.6.X.X eq https


How can I fix this issue?

Thanks



Jennifer Halim (Cisco Employee) Fri, 10/01/2010 - 04:31

ICMP type 3, code 1 is an ICMP host unreachable packet.


If you would like the unreachable packet on your outside interface, you can configure the following:

icmp permit any unreachable outside

Hope that helps.

Javi Benito Fri, 10/01/2010 - 04:45

I've configured this option and the issue persists.


Thanks!!

Correct Answer
Jennifer Halim (Cisco Employee) Fri, 10/01/2010 - 04:59

access-list 100 permit icmp any host 212.6.X.X unreachable
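
A triage helper for the deny message discussed in this thread, added here as an example and not part of the original posts: it parses "Deny icmp" lines, names the ICMP type and code, and counts hits per access-group and destination so you can see which ACL is dropping which kind of message. The function names are made up for the example, and every sample line except the first (quoted from the question) is constructed.

```python
import re
from collections import Counter

# Destination-unreachable (type 3) codes as named in RFC 792.
UNREACH_CODES = {0: "net unreachable", 1: "host unreachable",
                 2: "protocol unreachable", 3: "port unreachable",
                 4: "fragmentation needed and DF set", 5: "source route failed"}
ICMP_TYPES = {0: "echo reply", 8: "echo request", 11: "time exceeded"}

# Matches the deny message format shown in the question.
DENY_RE = re.compile(
    r'Deny\s+icmp\s+src\s+(?P<src_if>[^:\s]+):(?P<src>\S+)\s+'
    r'dst\s+(?P<dst_if>[^:\s]+):(?P<dst>\S+)\s+'
    r'\(type\s+(?P<type>\d+),\s*code\s+(?P<code>\d+)\)\s+'
    r'by\s+access-group\s+"(?P<acl>[^"]+)"')

def parse_deny(line):
    """Return a dict for an ICMP deny line, or None for anything else."""
    m = DENY_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["type"], rec["code"] = int(rec["type"]), int(rec["code"])
    if rec["type"] == 3:
        rec["name"] = UNREACH_CODES.get(rec["code"], "unreachable code %d" % rec["code"])
    else:
        rec["name"] = ICMP_TYPES.get(rec["type"], "type %d" % rec["type"])
    return rec

def summarize(lines):
    """Count denied ICMP messages per (access-group, destination, message name)."""
    counts = Counter()
    for line in lines:
        rec = parse_deny(line)
        if rec:
            counts[(rec["acl"], rec["dst"], rec["name"])] += 1
    return counts

SAMPLE = [
    # Quoted from the question (address masked by the poster).
    'Deny icmp src Internet:213.221.90.107 dst inside:212.6.X.X (type 3, code 1) by access-group "100" [0x0, 0x0]',
    # Constructed lines using documentation address ranges.
    'Deny icmp src Internet:198.51.100.7 dst inside:192.0.2.10 (type 8, code 0) by access-group "100" [0x0, 0x0]',
    'Deny icmp src Internet:198.51.100.9 dst inside:192.0.2.10 (type 3, code 4) by access-group "100" [0x0, 0x0]',
    'Deny tcp src Internet:198.51.100.7/4431 dst inside:192.0.2.10/23 by access-group "100" [0x0, 0x0]',
]

if __name__ == "__main__":
    for (acl, dst, name), n in sorted(summarize(SAMPLE).items()):
        print("acl %s dst %s: %s x%d" % (acl, dst, name, n))
```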
