Most of the time ICMP is allowed everywhere by default. Regards, Tyson Scott - CCIE #13513 R&S, Security, and SP
-----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of TED Sent: Wednesday, February 16, 2011 10:55 AM To: Pemasiri Devanarayana Cc: Radioactive Frog; waseemullah memon; [email protected]; Cisco certification Subject: Re: General Question on ICMP on ASA during the lab I think it is better to be safe with things like this. There is no need leaving a configurations that will not be graded if you ask me. What if the proctor assumes that it was part of a solution and grades accordingly. On Tue, Feb 15, 2011 at 6:29 PM, Pemasiri Devanarayana <[email protected]>wrote: > yes.. you are correct my concern was only for lab exam point of view. > > thanks for all your feedback.. > > On Tue, Feb 15, 2011 at 7:49 AM, Radioactive Frog <[email protected] > >wrote: > > > > > >>>>the traffic can severely affect the performance of the ASA.<<< > > > > Hi think Pemasiri is talking about lab environment - not a production. > > I don't see any reason why that would be a problem Pemasiri in the lab as > > that is the best way to evaluate lab for cisco. > > > > > > > > > > > > On Tue, Feb 15, 2011 at 3:08 PM, waseemullah memon < > [email protected]>wrote: > > > >> Hi Pemasiri, > >> > >> By having inspect icmp configured in your ASA, you are instructing it to > >> fast switch all the ICMP packets besides creating the statefull object > to > >> allow the return trafffic. > >> > >> Now, it depends upon the volume of ICMP traffic passing through your > >> firewall and the hardware resource capability of the ASA to handle that > >> traffic, because for every icmp request through the ASA will create a > new > >> entry in your connection table. > >> > >> If the ICMP sessions exceed the number of connections an ASA can handle > >> then > >> the traffic can severely affect the performance of the ASA. > >> > >> HTH! > >> > >> > >> On Tue, Feb 15, 2011 at 12:00 AM, Pemasiri Devanarayana > >> <[email protected]>wrote: > >> > >> > Hi, > >> > > >> > I just want some one to confirm that, if we use inspect icmp on ASA > just > >> > for > >> > troubleshooting purpose and by mistake if we leave them with the > running > >> > configuration, will it considered as unnecessary configuration and > will > >> I > >> > loose marks on ASA part.? > >> > > >> > thanks > >> > Pemasiri > >> > > >> > > >> > Blogs and organic groups at http://www.ccie.net > >> > > >> > > _______________________________________________________________________ > >> > Subscription information may be found at: > >> > http://www.groupstudy.com/list/CCIELab.html > >> > > >> > > >> > > >> > > >> > > >> > > >> > > >> > > >> > >> > >> -- > >> Thanks and Regards, > >> Waseemullah Memon > >> > >> > >> Blogs and organic groups at http://www.ccie.net > >> > >> _______________________________________________________________________ > >> Subscription information may be found at: > >> http://www.groupstudy.com/list/CCIELab.html > > > Blogs and organic groups at http://www.ccie.net > > _______________________________________________________________________ > Subscription information may be found at: > http://www.groupstudy.com/list/CCIELab.html Blogs and organic groups at http://www.ccie.net _______________________________________________________________________ Subscription information may be found at: http://www.groupstudy.com/list/CCIELab.html _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
