Tuesday, March 27, 2012

Enabling ICMP on Cisco ASA firewall - ASDM

As always, this is really for my reference in the future.

I wanted to allow ICMP traffic (pings, traceroutes) from inside to outside. I had set up ACLs etc. like other protocols, which were working; however, ICMP traffic refused to work.

In the end I traced it down to a setting in ASDM:

ASDM\Configuration\Service Policy Rules\inspection_default\<edit>

\Rule actions

Check ICMP.

OK and then apply.

Ping and traceroute should now work, assuming you have created an ACL to allow the appropriate traffic. In addition this will set the firewall to respond to ICMP traffic; I think that's somewhere else.

In addition, I believe the following is the CLI for the above (I have not tested it or used it); it is here for info only.

policy-map global_policy
 class inspection_default
  inspect icmp
  exit
 exit
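
To check the setting on a saved configuration, this added example (not part of the original post) parses `show running-config` text and reports whether `inspect icmp` sits under `global_policy` / `inspection_default` and whether that policy is applied. The sample configuration and the function names are constructed for illustration.

```python
import re

# Constructed sample of "show running-config" output (not from a real device).
SAMPLE_CONFIG = """\
class-map inspection_default
 match default-inspection-traffic
!
policy-map global_policy
 class inspection_default
  inspect dns
  inspect ftp
  inspect icmp
!
service-policy global_policy global
"""

def parse_policy_maps(config):
    """Return {policy_map: {class_name: [inspect engines]}} from ASA config text."""
    policies = {}
    pmap = cls = None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.strip() == "!":
            continue
        indent = len(line) - len(line.lstrip())
        words = line.split()
        if indent == 0:
            # Any top-level command ends the current policy-map block.
            pmap = cls = None
            # Skip "policy-map type inspect ..." maps; only plain L3/4 policy maps.
            if words[0] == "policy-map" and len(words) == 2:
                pmap = words[1]
                policies[pmap] = {}
        elif pmap and words[0] == "class" and len(words) == 2:
            cls = words[1]
            policies[pmap][cls] = []
        elif pmap and cls and words[0] == "inspect":
            policies[pmap][cls].append(" ".join(words[1:]))
    return policies

def icmp_inspection_status(config, pmap="global_policy", cls="inspection_default"):
    """Report whether 'inspect icmp' is configured and the policy map is applied."""
    engines = parse_policy_maps(config).get(pmap, {}).get(cls, [])
    pattern = rf"^service-policy {re.escape(pmap)} (global|interface \S+)\s*$"
    applied = re.search(pattern, config, re.M) is not None
    # "inspect icmp error" is a separate engine and does not count here.
    return {"inspect_icmp": "icmp" in engines, "policy_applied": applied}
```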
