Monday, January 4, 2016

Cisco ASA: Allowing ICMP Through The Firewall

I cant believe I have not done this post yet.  I had a customer call me up on an ASA I configured remotely.  He went up to put it in place and told me that although he could get on the Internet, he could not ping anything beyond the firewall.  No worries.  We can setup a policy for that.  This should do it:

ASA(config)# class-map icmp-class
ASA(config-cmap)# match default-inspection-traffic
ASA(config-cmap)# exit
ASA(config)# policy-map icmp_policy
ASA(config-pmap)# class icmp-class
ASA(config-pmap-c)# inspect icmp
ASA(config-pmap-c)# exit
ASA(config-pmap)# service-p icmp_policy interface outside

No comments:

Post a Comment

Your comment will be reviewed for approval. Thank you for submitting your comments.