Welcome to Cisco Firewalls Community


Beginner

ASA - which services are included in "ip"?


Hi,

If I permit traffic for inside hosts to the outside with the "ip" service, what falls under this service?

Example:

object network obj_any
 nat (inside,outside) dynamic interface

object-group service DM_INLINE_SERVICE_1
 service-object ip
 service-object icmp
 service-object udp
 service-object tcp
 service-object tcp-udp destination eq sip

access-list global_access extended permit object-group DM_INLINE_SERVICE_1 192.168.5.0 255.255.255.0 any


Do I need icmp if I already have ip within?

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: ASA - which services are included in "ip"?

All protocols are included under IP (inc. ICMP, TCP and UDP).


Beginner

Re: ASA - which services are included in "ip"?

Thanks for that.

Beginner

ASA - which services are included in "ip"?

Firstly, it has been my experience that ICMP is not included in the "IP" service tag in Cisco ASA ACLs. I usually need a separate ACL for ICMP even though technically ICMP is an IP protocol.

Secondly, IP traffic does not just include TCP and UDP. Does the Cisco ACL "IP" service include GRE, ESP, AH and other IP protocols? It's not clear to me.

I'm sure I knew that when I was doing this a lot but mostly these devices just work and it's only occasionally I need to change things and then I've forgotten this.
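
Taking the accepted answer's statement that `ip` covers every IP protocol, the other `service-object` lines in the question's group add nothing, and the rule permits all IP traffic from 192.168.5.0/24. The following is an added example, not part of the original thread, that flags such shadowed entries in `object-group service` blocks. The function names, the `WEB_ONLY` group and the simplified covering rule are assumptions made for illustration.

```python
import re

# Constructed sample: the object-group and ACL from the question, plus a
# second group (WEB_ONLY) invented here to show a narrower overlap.
SAMPLE_CONFIG = """\
object-group service DM_INLINE_SERVICE_1
 service-object ip
 service-object icmp
 service-object udp
 service-object tcp
 service-object tcp-udp destination eq sip
object-group service WEB_ONLY
 service-object tcp destination eq https
 service-object tcp
access-list global_access extended permit object-group DM_INLINE_SERVICE_1 192.168.5.0 255.255.255.0 any
"""

def parse_service_groups(config):
    """Return {group: [(protocol, qualifier), ...]} for object-group service blocks."""
    groups, current = {}, None
    for line in config.splitlines():
        header = re.match(r"object-group service (\S+)", line)
        parts = line.split()
        if header:
            current = groups.setdefault(header.group(1), [])
        elif current is not None and line.startswith(" ") and parts:
            if parts[0] == "service-object" and len(parts) > 1:
                current.append((parts[1], " ".join(parts[2:])))
        else:
            current = None  # any other top-level line closes the block
    return groups

def covers(a, b):
    """True if entry a matches every packet entry b matches (simplified rule)."""
    (proto_a, qual_a), (proto_b, qual_b) = a, b
    superset = (proto_a == "ip" or proto_a == proto_b
                or (proto_a == "tcp-udp" and proto_b in ("tcp", "udp")))
    # a must be unqualified (all ports/types) or carry the identical qualifier
    return a != b and superset and qual_a in ("", qual_b)

def redundant_entries(groups):
    """Return {group: [(shadowed_entry, covering_entry), ...]} for groups with overlap."""
    found = {g: [(b, a) for b in e for a in e if covers(a, b)] for g, e in groups.items()}
    return {g: hits for g, hits in found.items() if hits}

if __name__ == "__main__":
    for group, hits in redundant_entries(parse_service_groups(SAMPLE_CONFIG)).items():
        for shadowed, by in hits:
            print(group, "|", " ".join(shadowed).strip(), "| already matched by |", " ".join(by).strip())
```

A group reported with `ip` as the covering entry permits every IP protocol, whatever narrower lines sit beside it.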
