
Specific ACL ICMP rules - ASA 8.0(3)

Hi,

I'm trying to write some specific ICMP rules but finding it very difficult and don't understand where I'm going wrong.

I have the following rule in my access-list:

access-list INSIDE-ACL extended permit icmp host 10.101.133.20 10.101.196.0 255.255.255.0 echo-reply

At the end of the access-list I have a permit IP ANY ANY log rule (just as a test to see which line the ICMP is picked up on). Don't worry, this isn't a production box!

The ICMP packet never hits the rule and is always permitted by the “IP ANY ANY”

Feb 20 2009 10:00:54 HOSTNAME: %ASA-4-106100: access-list INSIDE-ACL permitted icmp inside/10.101.133.20(8) -> outside/10.101.196.195(0) hit-cnt 1 first hit

The above log proves my access-list... Where am I going wrong??????

1 REPLY

Re: Specific ACL ICMP rules - ASA 8.0(3)

You are using the wrong ICMP type; rewrite the ACL to:

access-list INSIDE-ACL extended permit icmp host 10.101.133.20 10.101.196.0 255.255.255.0 echo
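
Added example (not part of the original thread): a small Python check that replays the logged packet against both ACL lines above. It assumes, consistently with the reply, that in a 106100 ICMP entry the number in parentheses after the source address is the ICMP type and the one after the destination is the ICMP code. The helper names and the short keyword table are illustrative.

```python
import ipaddress
import re

# ASA keywords for a few ICMP types (numbers from RFC 792).
ICMP_TYPES = {"echo-reply": 0, "unreachable": 3, "echo": 8, "time-exceeded": 11}

# In a 106100 message for ICMP, the two "port" slots carry ICMP type and code.
LOG_RE = re.compile(
    r"%ASA-\d-106100: access-list (?P<acl>\S+) (?P<action>permitted|denied) icmp "
    r"\S+/(?P<src>[\d.]+)\((?P<type>\d+)\) -> \S+/(?P<dst>[\d.]+)\((?P<code>\d+)\)")

# Covers only the ACE shape used in the thread: host source, network/mask destination.
ACE_RE = re.compile(
    r"access-list \S+ extended permit icmp host (?P<src>[\d.]+) "
    r"(?P<net>[\d.]+) (?P<mask>[\d.]+)(?: (?P<kw>\S+))?$")

def parse_log(line):
    """Return src, dst, ICMP type and code from a 106100 ICMP log line."""
    m = LOG_RE.search(line)
    if m is None:
        raise ValueError("not a 106100 ICMP line")
    return {"src": ipaddress.ip_address(m["src"]),
            "dst": ipaddress.ip_address(m["dst"]),
            "type": int(m["type"]), "code": int(m["code"])}

def ace_matches(ace, pkt):
    """True if the ACE would match the logged packet (addresses and ICMP type)."""
    m = ACE_RE.match(ace.strip())
    if m is None:
        raise ValueError("unsupported ACE form")
    net = ipaddress.ip_network(f"{m['net']}/{m['mask']}")
    if pkt["src"] != ipaddress.ip_address(m["src"]) or pkt["dst"] not in net:
        return False
    kw = m["kw"]
    if kw is None:                      # no type keyword: any ICMP type matches
        return True
    wanted = int(kw) if kw.isdigit() else ICMP_TYPES.get(kw)
    return wanted == pkt["type"]

# Log line and ACE text copied from the thread.
LOG = ("Feb 20 2009 10:00:54 HOSTNAME: %ASA-4-106100: access-list INSIDE-ACL "
       "permitted icmp inside/10.101.133.20(8) -> outside/10.101.196.195(0) "
       "hit-cnt 1 first hit")
BASE = ("access-list INSIDE-ACL extended permit icmp host 10.101.133.20 "
        "10.101.196.0 255.255.255.0 ")

if __name__ == "__main__":
    pkt = parse_log(LOG)
    for kw in ("echo-reply", "echo"):
        print(kw, "->", ace_matches(BASE + kw, pkt))
```

The addresses match in both cases; only the ICMP type decides, which is why the `echo-reply` line is skipped and the packet falls through to the final permit.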
