
Specific ACL ICMP rules - ASA 8.0(3)

rgreville666
Level 1

Hi,

I'm trying to write some specific ICMP rules but finding it very difficult and don't understand where I'm going wrong.

I have the following rule in my access-list:

access-list INSIDE-ACL extended permit icmp host 10.101.133.20 10.101.196.0 255.255.255.0 echo-reply

At the end of the access-list I have a permit IP ANY ANY log rule (just as a test to see which line the ICMP is picked up on). Don't worry, this isn't a production box!

The ICMP packet never hits the rule and is always permitted by the “IP ANY ANY”.

Feb 20 2009 10:00:54 HOSTNAME: %ASA-4-106100: access-list INSIDE-ACL permitted icmp inside/10.101.133.20(8) -> outside/10.101.196.195(0) hit-cnt 1 first hit

The above log proves my access-list... Where am I going wrong??????

1 Reply

andrew.prince
Level 10

You are using the wrong ICMP type; rewrite the ACL to:

access-list INSIDE-ACL extended permit icmp host 10.101.133.20 10.101.196.0 255.255.255.0 echo
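
The mismatch in this thread can be checked offline. The following is an added example, not part of the original posts or any Cisco tooling: it parses the %ASA-4-106100 line (for ICMP, the numbers in parentheses are the ICMP type and code, so `(8)` is an echo request) and tests it against each ACE. The function names and the keyword table (a subset of ASA's ICMP type keywords) are assumptions made for this sketch.

```python
import ipaddress
import re

# Subset of ASA ICMP type keywords -> ICMP type numbers (RFC 792).
ICMP_TYPES = {"echo-reply": 0, "unreachable": 3, "echo": 8, "time-exceeded": 11}
LOG_RE = re.compile(
    r"%ASA-\d-106100: access-list (\S+) (permitted|denied) icmp "
    r"\S+/([\d.]+)\((\d+)\) -> \S+/([\d.]+)\((\d+)\)")

def parse_106100(line):
    """Extract ACL name, action, addresses and ICMP type/code from a 106100 line."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    acl, action, src, icmp_type, dst, code = m.groups()
    return {"acl": acl, "action": action, "src": ipaddress.ip_address(src),
            "dst": ipaddress.ip_address(dst), "type": int(icmp_type), "code": int(code)}

def _take_net(tok):
    """Consume 'any', 'host A' or 'A MASK' from the front of the token list."""
    first = tok.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tok.pop(0) + "/32")
    return ipaddress.ip_network(first + "/" + tok.pop(0))

def parse_ace(ace):
    """Parse 'access-list NAME extended ACTION icmp SRC DST [ICMP-TYPE]'."""
    tok = ace.split()
    if len(tok) < 7 or tok[0] != "access-list" or tok[2] != "extended" or tok[4] != "icmp":
        raise ValueError("not an extended ICMP ACE: " + ace)
    rest = tok[5:]
    src, dst = _take_net(rest), _take_net(rest)
    icmp_type = None  # no type given: the ACE matches every ICMP type
    if rest and rest[0] != "log":
        icmp_type = int(rest[0]) if rest[0].isdigit() else ICMP_TYPES[rest[0]]
    return {"acl": tok[1], "action": tok[3], "src": src, "dst": dst, "type": icmp_type}

def ace_matches(ace, pkt):
    """True when the logged packet would hit this ACE (addresses and ICMP type)."""
    return (pkt["src"] in ace["src"] and pkt["dst"] in ace["dst"]
            and ace["type"] in (None, pkt["type"]))

# Log line and ACEs copied from the thread above.
LOG = ("Feb 20 2009 10:00:54 HOSTNAME: %ASA-4-106100: access-list INSIDE-ACL permitted icmp "
       "inside/10.101.133.20(8) -> outside/10.101.196.195(0) hit-cnt 1 first hit")
ORIGINAL = "access-list INSIDE-ACL extended permit icmp host 10.101.133.20 10.101.196.0 255.255.255.0 echo-reply"
SUGGESTED = "access-list INSIDE-ACL extended permit icmp host 10.101.133.20 10.101.196.0 255.255.255.0 echo"
```

`ace_matches(parse_ace(ORIGINAL), parse_106100(LOG))` is false because the ACE names type 0 while the logged packet is type 8; the same call with `SUGGESTED` is true.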
