The command "show icmp" does not work on Cisco ASA

net-harry · ‎02-12-2009

Hi,

In the Cisco ASA 8.0 Command Reference it says that "show icmp" can be used to display the ICMP configuration, but it is not available (at least not on our 5540s):

ciscoasa# show icmp

^

ERROR: % Invalid input detected at '^' marker.

ciscoasa#

We are running version 8.0(4) and 8.0(4)23. I am logging in with an account that has privilege level 15.

Does anyone know if this is a known bug?

Best regards,

Harry

Ivan Martinon · ‎02-12-2009

What about "show run icmp"

JORGE RODRIGUEZ · ‎02-12-2009

You may also try bellow syntax to include icmp acls if any.

show run | inc icmp

Jorge Rodriguez

net-harry · ‎02-13-2009

Hi,

I understand that I could use "show run icmp" or "show run | include icmp", but I was hoping that the command "show icmp" would give some information about the status of the icmp access lists.

For instance how many packets that hit the different imcp permits and denies. Today I only see the log entries for denied attempts, but it would be nice to see how many packets hit the filters.

Also, I think that either the command should be available or it should not be listed in the command reference...

Best regards,

Harry

Ivan Martinon · ‎02-13-2009

For instance there is not such command on the device:

ciscoasa# show icmp

^

ERROR: % Invalid input detected at '^' marker.

ciscoasa# show i?

idb igmp interface ip

ipsec ipv6 isakmp

ciscoasa# show i

My guesses this docs where copied from the PIX 6.X docs and that is why it shows the command there, as you can see it shows it is a pre existing command.

About showing the hits on acls, the only way is with show access-list and defining a criteria like icmp, about the icmp configuration to the device and from the device your option is show run icmp

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/s3.html#wp1427048