Cisco Support Community

permit udp any any to allow ping ?!

Dear Community,

I am having problems understanding how ACL works through VPN. I have the following:

HQ is behind ASA 5510, site address is /24

Remote site is behind Cisco 887 router, site addressing is /24

IPSec VPN is set up and working between the two sites.

Now I have applied the following ACL inside int the public interface of the branch router:

Extended IP access list 102

    10 permit tcp any any eq 22 (1321 matches)

This obviously blocks icmp (ping source

But what I am not understanding is that the only command that will allow ICMP is (on the ACL 102):

permit udp any any

Substituting udp with icmp or ip does not allow pings.

Could you please give me some guidance.