Cisco Support Community

permit udp any any to allow ping ?!

Dear Community,

I am having problems understanding how ACL works through VPN. I have the following:

HQ is behind ASA 5510, site address is 192.168.1.0 /24

Remote site is behind Cisco 887 router, site addressing is 192.168.10.0 /24

IPSec VPN is set up and working between the two sites.

Now I have applied the following ACL inside int the public interface of the branch router:

Extended IP access list 102

    10 permit tcp any any eq 22 (1321 matches)

This obviously blocks ICMP (ping 192.168.1.1 source 192.168.10.1).

But what I am not understanding is that the only command that will allow ICMP is (on the ACL 102):

permit udp any any

Substituting udp with icmp or ip does not allow pings.

Could you please give me some guidance.
