I have ASA 5510. I know by default ASA does not allow ICMP echo to pass through ASA so the host behind my ASA will not get echo replies.
I used to think that I must create access list to enable the ICMP packets to pass through ASA. Then I found that I can also create a service policy to enable ICMP inspectiom to achieve the same goal.
But why? How does applicaiton inspection on ICMP "make" ASA allow ICMP to pass without any access list configured?