Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
622
Views
0
Helpful
3
Replies

inspect icmp

steigja
Level 3
Level 3

‎09-19-2008 10:09 AM - edited ‎03-11-2019 06:46 AM

While we are on the topic. Whenever I add the "fix protocol icmp" command on version 8.0 ASA 5520. My telnet session to the inside will no longer work. Is there anyway around that?

Labels:
0 Helpful
3 Replies 3

jj27
Spotlight
Spotlight

‎09-19-2008 10:13 AM

What happens if you put in the command:

management-access inside

0 Helpful

robertson.michael
Level 3
Level 3
In response to jj27

‎09-19-2008 01:34 PM

The 'fixup protocol' commands were used in PIX 6.x code. In ASA 7.x and 8.x, this functionality has moved to the MPF.

To enable ICMP inspection in ASA 8.x, your config would look something like this:

class-map inspection_default

match default-inspection-traffic

!

policy-map global_policy

class inspection_default

inspect icmp

!

service-policy global_policy global

Also, for telnet access to the inside interface, you'll want to configure something like this:

telnet inside

Hope that helps.

-Mike

0 Helpful

cisco24x7
Level 6
Level 6
In response to robertson.michael

‎09-19-2008 05:26 PM

You still CAN enter "fixup protocol ftp 21"

on Pix 7.x and 8.x code. It will automatically

convert into Modular Policy Framework (MDF)

for you.

I didn't try "fixup protocol icmp" in version

8.x because my Pix firewall crashed but I

think it will work as well.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card