Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Port forward inbound ICMP (for nagios monitoring)

Can you port forward inbound ICMP connections on an ASA firewall?

There doesn't appear to be the option to do this. Only tcp or udp


fw1(config)# static (INSIDE,OUTSIDE) ?

configure mode commands/options:
  Hostname or A.B.C.D  Global or mapped address
  interface            Global address overload from interface
  tcp                  TCP to be used as transport protocol
  udp                  UDP to be used as transport protocol


I suspect I'm going to need to configure a site-to-site VPN with the monitoring environment, and allow monitoring of the internal hosts over the tunnel?

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Port forward inbound ICMP (for nagios monitoring)

That is correct. ICMP does not use ports so, this is not possible.

You may want to do 1-1 static instead if you have an available IP address to spare.

You can read the rfc here: http://www.faqs.org/rfcs/rfc792.html

-KS

1 REPLY
Cisco Employee

Re: Port forward inbound ICMP (for nagios monitoring)

That is correct. ICMP does not use ports so, this is not possible.

You may want to do 1-1 static instead if you have an available IP address to spare.

You can read the rfc here: http://www.faqs.org/rfcs/rfc792.html

-KS

2895
Views
0
Helpful
1
Replies
CreatePlease login to create content