Cisco Support Community
New Member

ACESM inspection

Hi all,

I have an ACESM. When I do a traceroute from a PC to the servers behind the ACE, I'm getting the next hop as the ACE IP address all the time, like the following example:

1 <1 ms <1 ms <1 ms ACE-IP

2 3 ms 3 ms 3 ms ACE-IP

3 3 ms 3 ms 3 ms ACE-IP

4 3 ms 3 ms 3 ms ACE-IP

5 3 ms 3 ms 3 ms ACE-IP

6 50 ms 50 ms 53 ms ACE-IP

I know there is an ICMP inspection which might have blocked this ... but how can I disable it?

Please advise.

3 REPLIES
Bronze

Re: ACESM inspection

Hi Hassan,

Try the following config and apply it to the VLAN pointing towards the clients. What you need to do is inspect the ICMP traffic.

---

access-list ICMP line 10 extended permit icmp any any

class-map match-all ICMP-INSPECT-L4CLASS

  description ICMP fixup - L4 Class

  2 match access-list ICMP

policy-map multi-match ICMP-Policy

  description Inspect ICMP

  class ICMP-INSPECT-L4CLASS

    inspect icmp error

interface vlan xyz

  service-policy input ICMP-Policy

Hope it helps

Roble

New Member

Re: ACESM inspection

all vlan pz

New Member

ACESM inspection

I have the same problem. I want to be able to ping through the ACE to the backend layer 2 VLANs from a server outside the ACE. This is what I have configured, and it does not work. Vlan302 is the L# VLAN that allows all traffic into my ACE.

access-list icmp line 10 extended permit icmp any any

class-map match-all icmp-allow-inspect

  2 match access-list icmp

policy-map multi-match icmp-allow-inspect-mmpl

  class icmp-allow-inspect

    inspect icmp error

interface vlan 302 - public facing VIPs- ingress

  ip address 74.113.93.37 255.255.255.224

  alias 74.113.93.36 255.255.255.224

  peer ip address 74.113.93.38 255.255.255.224

  service-policy input mgmt

  service-policy input icmp-allow-inspect-mmpl

  no shutdown

interface vlan 308 - server - L2

  ip address 10.62.22.130 255.255.255.192

  alias 10.62.22.129 255.255.255.192

  peer ip address 10.62.22.131 255.255.255.192

  service-policy input icmp-allow-inspect-mmpl

  no shutdown
