Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

inspect icmp

While we are on the topic. Whenever I add the "fix protocol icmp" command on version 8.0 ASA 5520. My telnet session to the inside will no longer work. Is there anyway around that?

3 REPLIES

Re: inspect icmp

What happens if you put in the command:

management-access inside

Re: inspect icmp

The 'fixup protocol' commands were used in PIX 6.x code. In ASA 7.x and 8.x, this functionality has moved to the MPF.

To enable ICMP inspection in ASA 8.x, your config would look something like this:

class-map inspection_default

match default-inspection-traffic

!

policy-map global_policy

class inspection_default

inspect icmp

!

service-policy global_policy global

Also, for telnet access to the inside interface, you'll want to configure something like this:

telnet inside

Hope that helps.

-Mike

Silver

Re: inspect icmp

You still CAN enter "fixup protocol ftp 21"

on Pix 7.x and 8.x code. It will automatically

convert into Modular Policy Framework (MDF)

for you.

I didn't try "fixup protocol icmp" in version

8.x because my Pix firewall crashed but I

think it will work as well.

389
Views
0
Helpful
3
Replies