Cisco Support Community
New Member

FWSM icmp inspection

I have the following config on FWSM:

!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect smtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
!
service-policy global_policy global
!

What needs to be added to enable icmp inspection?

And is the above config the default (I have a feeling someone changed some settings)?

Is there any special reason not to enable icmp inspect?

Thanks

Accepted Solutions
Super Bronze

Hi,

You would have to go to the correct configuration mode with

policy-map global_policy
 class inspection_default

Then you could enter

  inspect icmp
  inspect icmp error

These are not enabled by default. I am not sure why they are not, since they are a usual reason for problems with users testing connectivity with ICMP. Also, without them you actually have to allow ICMP with ACLs rather than have ICMP traffic inspected.

So I am not sure why it's not on by default.

- Jouni

4 REPLIES
New Member

Thanks

Are any default inspections missing in the above config?

Super Bronze

Hi,

To my understanding this is the Default Inspection Policy:

class-map inspection_default
 match default-inspection-traffic
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect smtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
service-policy global_policy global

Please do remember to mark a reply as the correct answer if it answered your question.

Ask more if needed.

- Jouni
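
Added example, not part of the thread: a Python sketch that answers the "are any default inspections missing?" question by diffing the inspect statements of the globally applied policy-map against the default list given in the reply above, and reporting whether ICMP inspection is present. The baseline is that reply's list as posted, not an authoritative Cisco reference; the function names `parse` and `audit` are made up for this example.

```python
import re

# Inspect statements of the default policy as listed in the reply above.
BASELINE = {"inspect " + p for p in (
    "dns maximum-length 512", "ftp", "h323 h225", "h323 ras", "rsh", "smtp",
    "sqlnet", "skinny", "sunrpc", "xdmcp", "sip", "netbios", "tftp")}

# The configuration posted in the question ("!" separators and blank lines dropped).
POSTED = """\
class-map inspection_default
 match default-inspection-traffic
policy-map global_policy
 class inspection_default
""" + "".join(f"  inspect {p}\n" for p in (
    "dns maximum-length 512", "ftp", "h323 h225", "h323 ras", "netbios", "rsh",
    "smtp", "sqlnet", "sunrpc", "tftp", "sip", "xdmcp")) + \
    "service-policy global_policy global\n"

def parse(config):
    """Return ({(policy_map, class): {inspect statements}}, globally applied policy)."""
    inspects, pmap, cls, applied = {}, None, None, None
    for line in (" ".join(raw.split()) for raw in config.splitlines()):
        if m := re.fullmatch(r"policy-map (\S+)", line):
            pmap, cls = m.group(1), None
        elif pmap and (m := re.fullmatch(r"class (\S+)", line)):
            cls = m.group(1)
            inspects.setdefault((pmap, cls), set())
        elif cls and line.startswith("inspect "):
            inspects[(pmap, cls)].add(line)
        elif m := re.fullmatch(r"service-policy (\S+) global", line):
            applied, pmap, cls = m.group(1), None, None
        elif line.startswith("class-map "):
            pmap = cls = None
    return inspects, applied

def audit(config, baseline=BASELINE):
    """Diff the globally applied policy's inspect statements against the baseline."""
    inspects, applied = parse(config)
    active = set()
    for (pmap, _cls), stmts in inspects.items():
        if pmap == applied:  # a policy-map that is not applied inspects nothing
            active |= stmts
    return {"missing": sorted(baseline - active),
            "extra": sorted(active - baseline),
            "icmp": sorted(s for s in active if s.startswith("inspect icmp"))}

if __name__ == "__main__":
    print(audit(POSTED))
```

Statements are compared whole, so a changed option such as a different `maximum-length` value shows up as one missing and one extra entry.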
