
When I add ICMP to be allowed on both the inside and outside interfaces, the internet connection dies. Does anyone know why this happens?

I kind of observed that this behavior takes place not just for ICMP.

Bogdan Sorlea
  • Are the ICMP rules resulting in the creation of a new access list? My Cisco is a little rusty but I recall having a similar issue. It was because the rule was the first in a new access list and each access list has a default deny at the end, so when the new access list applied where there had been no access list before... This is especially easy to run into if you're using ASDM. – hwilbanks Nov 27 '12 at 17:39

1 Answer


When there are no ACLs on an interface, the relative security-levels of the interfaces involved determine access, i.e. if the ingress interface has security-level 50 and the egress interface has security-level 10, you are always granted access.

Adding ANY access rules to an interface switches the default rule to deny all.

Confusing? You betcha.

adaptr
  • I agree this is probably the answer. To actually be sure, add a rule that allows all traffic through the interface where you're going to enable the ICMP and test it. After that, add the proper rules to allow your internet traffic to go through in a secure manner. – Flash Dec 11 '12 at 10:55
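An added Cisco ASA configuration example (not from the question or the answer) showing the behaviour the answer describes: the interface names, security levels, the ACL name and the 192.168.1.0/24 inside subnet are assumed for illustration.

```cisco
! Interfaces: with no ACL applied, traffic from inside (100) to outside (0)
! is permitted purely because the ingress security-level is higher.
! (Names and levels are assumed for this example.)
interface GigabitEthernet0/1
 nameif inside
 security-level 100
interface GigabitEthernet0/0
 nameif outside
 security-level 0
!
! The problem: applying an ACL that only permits ICMP replaces the
! security-level check with first-match ACL evaluation, and every ACL
! ends in an implicit "deny ip any any". Web, DNS and everything else
! from the inside network is now silently dropped.
access-list inside_access_in extended permit icmp any any
access-group inside_access_in in interface inside
!
! The fix: keep the ICMP rule, explicitly permit the traffic the inside
! network actually needs, and make the final deny explicit and logged so
! dropped flows show up in syslog instead of disappearing.
access-list inside_access_in extended permit icmp any any
access-list inside_access_in extended permit udp 192.168.1.0 255.255.255.0 any eq domain
access-list inside_access_in extended permit tcp 192.168.1.0 255.255.255.0 any eq www
access-list inside_access_in extended permit tcp 192.168.1.0 255.255.255.0 any eq https
access-list inside_access_in extended deny ip any any log
access-group inside_access_in in interface inside
```

After applying the ACL, `show access-list inside_access_in` displays per-entry hit counts, which makes it easy to confirm which rule is matching (or that the final deny is absorbing traffic you forgot to permit).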