Allow ICMP through Cisco ASA

I have been working with an external vendor who has devices within our network. These devices require icmp access to their servers to download required configuration.

By default the Cisco ASA denies icmp packets externally. The policy-map global_policy specifies all the protocols to inspect. This is contained within the class inspection_default which specifies the default inspection traffic. By default, icmp is not in this list.

To get this to work I had to add icmp to the class inspection_default by adding the commands below.

Policy-map global

Class inspection_default

Inspect icmp

Inspect icmp error