I inspect icmp in my global policy-map which handles echo-reply on the outside. I also allow these... object-group service outside_icmp service-object icmp echo service-object icmp time-exceeded service-object icmp unreachable
This is by no means a standard of any type, just my personal preference. HTH, Roger On Tue, Nov 3, 2009 at 3:23 PM, Simon Baumann <[email protected]>wrote: > Hi, > I wonder which icmp types I should allow to the outside interface of > my ASA. I had an list with an detailed review of the various types and > the (in this case) useful > types. My ASA is protecting my home network, connected to an ADSL > modem, running in bridge mode (PPPoE). > The archive is unavailable to me at the moment, hope this has not been > explained earlier. Thanks > > Cheers > Simon > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
