Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

how to enable icmp (traceroute) through firewall

Hi all, on my asa, how do i let icmp pass through it, does it allow it via default ? from inside to outside ?

2 REPLIES
New Member

Re: how to enable icmp (traceroute) through firewall

try the following ACL for icmp

access-list [named_acl] permit icmp [inside] [outside]

Edit: I don't think firewalls permit any traffic by default.

New Member

Re: how to enable icmp (traceroute) through firewall

You will need to allow the icmp type specific to traceroute from outside.

access-list out_in extended permit icmp any any tracertroute

access-list out_in extended permit icmp any any unreachable

also you'll probably need these commands

icmp permit any traceroute outside

icmp permit any unreachable outside

434
Views
0
Helpful
2
Replies