Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

icmp issue

hello,

I've an issue with the outside interface traffic. In the log server appears this error continuously:

Deny
icmp src Internet:213.221.90.107 dst inside:212.6.X.X (type 3, code 1) by access-group "100" [0x0, 0x0]

dst inside 212.6.X.X correspond to outside interface.

In the acl number 100 only have a rule to access to the public web server. This ip is different than outside public interface.

access-list 100 extended permit tcp any host 212.6.X.X eq https


How I can fix this issue?

thanks



1 ACCEPTED SOLUTION

Accepted Solutions
Super Bronze

Re: icmp issue

access-list 100 permit icmp any host 212.6.X.X unreachable

4 REPLIES
Super Bronze

Re: icmp issue

ICMP type 3, code 1 is an ICMP host unreachable packet.

If you would like the unreachable packet on your outside interface, you can configure the following:

icmp permit any unreachable outside

Hope that helps.

New Member

Re: icmp issue

I've configured this option and the issue persist.

thanks!!

Super Bronze

Re: icmp issue

access-list 100 permit icmp any host 212.6.X.X unreachable

New Member

Re: icmp issue

now yes!!

thanks

333
Views
0
Helpful
4
Replies