Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

doubt about access-list

Hello guys, i need an help. Could you tell me If when i deny IP traffico towards an host  i deny also icmp traffic?

Tanks gio

2 REPLIES
New Member

Hi, No. If you denied IP

 

 

VIP Green

This is incorrect.  the ICMP

This is incorrect.  the ICMP protocol is part of the IP protocol suite and is used to send error messages.  So in denying IP you will also be denying ICMP.

But also keep in mind that the ICMP request and ICMP reply are two different flows and are not tracked in the state table of the ASA.  So, if you are pinging from a device on a higher security level interface to a device on a lower security level interface the reply will be denied unless specifically permitted.

--

Please remember to select a correct answer and rate helpful posts

--

Please remember to rate and select a correct answer
35
Views
0
Helpful
2
Replies
CreatePlease to create content