Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2490
Views
0
Helpful
1
Replies

ICMP Stateful

manuadoor
Level 1
Level 1

‎06-09-2010 07:06 AM - edited ‎03-11-2019 10:56 AM

Hi,

Most of us knows that ICMP is not a stateful protocol, and we can make it using ICMP inspection in ASA.

As per my understanding,

In TCP, TCP Flags are making TCP capable of stateful protocol, In UDP, src and dst port numbers playing the role to make it stateful.. But what makes ICMP to become stateful!!!

Regards,

Manu B.

Labels:
0 Helpful
1 Reply 1

Panos Kampanakis
Cisco Employee
Cisco Employee

‎06-09-2010 07:43 AM

The ASA builds a ICMp connection for the icmp echoes that is sees. It creates a session based on the identification/sequence number of the icmp header, it's source and destination ip addresses and its type and code. So, it knows what the icmp reply for that packet will look like and it will allow the return traffic.

I hope it clarifies it.

PK

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card