10-01-2010 04:07 AM - edited 03-11-2019 11:48 AM
hello,
I've an issue with the outside interface traffic. In the log server appears this error continuously:
Deny icmp src Internet:213.221.90.107 dst inside:212.6.X.X (type 3, code 1) by access-group "100" [0x0, 0x0]
dst inside 212.6.X.X correspond to outside interface.
In the acl number 100 only have a rule to access to the public web server. This ip is different than outside public interface.
access-list 100 extended permit tcp any host 212.6.X.X eq https
How I can fix this issue?
thanks
Solved! Go to Solution.
10-01-2010 04:59 AM
access-list 100 permit icmp any host 212.6.X.X unreachable
10-01-2010 04:31 AM
ICMP type 3, code 1 is an ICMP host unreachable packet.
If you would like the unreachable packet on your outside interface, you can configure the following:
icmp permit any unreachable outside
Hope that helps.
10-01-2010 04:45 AM
I've configured this option and the issue persist.
thanks!!
10-01-2010 04:59 AM
access-list 100 permit icmp any host 212.6.X.X unreachable
10-03-2010 11:01 PM
now yes!!
thanks
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide