Allow ICMP through Cisco ASA

I have been working with an external vendor who has devices within our network. These devices require ICMP access to their servers to download their required configuration.

By default, the Cisco ASA denies ICMP packets externally. The policy-map global_policy specifies all the protocols to inspect. That list sits within the class inspection_default, which matches the default inspection traffic. By default, ICMP is not in this list, so the ASA does not track ICMP sessions and the replies coming back to inside hosts are dropped.

To get this to work, I had to add ICMP to the class inspection_default using the commands below.

    policy-map global_policy
     class inspection_default
      inspect icmp
      inspect icmp error
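One way to confirm the change on a saved configuration, as an added example that is not part of the original post: this Python script parses running-config text and reports which of the two inspect commands are still missing from class inspection_default in global_policy. The sample config is constructed and the function names are hypothetical.

```python
# Constructed sample of ASA running-config text (not taken from the post).
# "inspect icmp error" sits under the wrong class on purpose.
SAMPLE_CONFIG = """\
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect icmp
 class other_class
  inspect icmp error
!
service-policy global_policy global
"""


def inspections(config, policy="global_policy", cls="inspection_default"):
    """Return the set of 'inspect ...' entries under the given policy-map and class."""
    found = set()
    in_policy = in_class = False
    for raw in config.splitlines():
        words = raw.split()
        if not words or words[0] == "!":
            continue
        if not raw[0].isspace():
            # A top-level command starts a new section; only an exact
            # "policy-map <name>" opens the policy we care about.
            in_policy = words == ["policy-map", policy]
            in_class = False
        elif in_policy and words[0] == "class":
            in_class = words[1:] == [cls]
        elif in_class and words[0] == "inspect":
            found.add(" ".join(words[1:]))
    return found


def missing_icmp_inspection(config):
    """Return which of the post's two commands are absent from inspection_default."""
    return sorted({"icmp", "icmp error"} - inspections(config))


if __name__ == "__main__":
    print("missing:", missing_icmp_inspection(SAMPLE_CONFIG))
```

An empty list means both commands are present in the right class; an entry placed under a different class or policy-map is reported as missing.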
