Hi Roger,
Thanks, I'm using this outside ACL:
access-list OUT_IN permit icmp any any echo
access-list OUT_IN permit icmp any any source-quench
access-list OUT_IN permit icmp any any unreachable
access-list OUT_IN permit icmp any any time-exceeded
access-list OUT_IN permit icmp any any traceroute
Did I miss any type which could cause me trouble?
Cheers
Simon
Am 03.11.2009 um 21:28 schrieb Roger Cheeks:
I inspect icmp in my global policy-map which handles echo-reply on
the outside. I also allow these...
object-group service outside_icmp
service-object icmp echo
service-object icmp time-exceeded
service-object icmp unreachable
This is by no means a standard of any type, just my personal
preference.
HTH,
Roger
On Tue, Nov 3, 2009 at 3:23 PM, Simon Baumann <si...@simon-
baumann.net> wrote:
Hi,
I wonder which icmp types I should allow to the outside interface of
my ASA. I had an list with an detailed review of the various types and
the (in this case) useful
types. My ASA is protecting my home network, connected to an ADSL
modem, running in bridge mode (PPPoE).
The archive is unavailable to me at the moment, hope this has not been
explained earlier. Thanks
Cheers
Simon
_______________________________________________
For more information regarding industry leading CCIE Lab training,
please visit www.ipexpert.com
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit
www.ipexpert.com
