ICMP redirect

beaujoire

Hi,

I would like to know how I can allow the ICMP Redirect (type 5) on my ASA LAN interface.

PCs on the LAN have the ASA LAN interface as gateway and have to reach another router behind it.

I need to allow this traffic.

Thank you


p.charalambous1

From the old times, ICMP redirect is blocked by default on the ASA. I think you cannot allow it. You can put the other inside router as default gateway, and then have a default route on this router pointing back to the ASA inside interface.

The client must have the ASA interface as default gateway; I can't change it to the default gateway of the inside router.

This is my topology :

Server (192.168.4.20) ---- (4.229) Router (.1.229) ----- (1.254)(IN) ASA (OUT)

                                                                         |

                                                                         |

                                                           PC - 192.168.1.108

                                                           Gw : 192.168.1.254

I've just read this post: https://supportforums.cisco.com/message/3290683#3290683

It seems to be similar to my problem.

I don't understand the solution to split the network in two and add routes to the inside router.

However, I will try the TCP bypass solution.

Or maybe I can add a batch script on the client; it would be something like this:

192.168.4.0 255.255.255.0 192.168.1.229 1

This way, I could keep the default gateway and traffic would avoid going through the ASA interface, wouldn't it?

Thank You

No one?

Hello Thomas,

Try this from global config mode:

  icmp permit any 5

  route 192.168.4.0 255.255.255.0 192.168.1.229

end

Or, if it is a matter of just that single PC, you can install a permanent route on it to the 192.168.4.0/24 network:

- If it is a Win machine: route -p add 192.168.4.0 mask 255.255.255.0 192.168.1.229

- If Linux or other *NIX: /sbin/route add -net 192.168.4.0 netmask 255.255.255.0 gw 192.168.1.229

Both commands would require either Administrative or su privileges.

HTH/Regards,

Vasil

I've added the command. It's still the same, the packet is denied. I attached the Packet Tracer log.

I need to access network 4.0 from different clients in the LAN. I will test the TCP bypass option or add the route in the logon script if the ICMP redirect can't work with the ASA.
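
Added example, not part of the original thread: a small routing model of the topology above showing which directions of a PC-to-server flow cross the ASA, with and without the static route suggested in the reply. A stateful firewall that sees only one direction of a TCP flow cannot track it, which is the case the TCP state bypass option addresses. Addresses are those in the posts; the server's default gateway (192.168.4.229) and the node names are assumptions.

```python
import ipaddress

# Constructed model of the thread's topology; addresses are the ones in the posts.
PC, SERVER = "192.168.1.108", "192.168.4.20"
ASA_IN, ROUTER_LAN, ROUTER_SRV = "192.168.1.254", "192.168.1.229", "192.168.4.229"
OWNER = {PC: "pc", SERVER: "server", ASA_IN: "asa",
         ROUTER_LAN: "router", ROUTER_SRV: "router"}

# Per-node routing tables as (prefix, gateway); gateway None means on-link.
PC_DEFAULT = [("192.168.1.0/24", None), ("0.0.0.0/0", ASA_IN)]
PC_STATIC = PC_DEFAULT + [("192.168.4.0/24", ROUTER_LAN)]  # the route from the reply
BASE = {
    "asa": [("192.168.1.0/24", None), ("192.168.4.0/24", ROUTER_LAN)],
    "router": [("192.168.1.0/24", None), ("192.168.4.0/24", None)],
    # Assumption: the server uses the router as its default gateway.
    "server": [("192.168.4.0/24", None), ("0.0.0.0/0", ROUTER_SRV)],
}

def next_hop(routes, dst):
    """Longest-prefix match; returns the gateway, or dst itself when on-link."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), gw) for p, gw in routes
            if addr in ipaddress.ip_network(p)]
    if not hits:
        raise LookupError(f"no route to {dst}")
    _, gw = max(hits, key=lambda h: h[0].prefixlen)
    return gw or dst

def path(tables, src, dst):
    """Nodes a packet visits from node `src` to address `dst`."""
    hops = [src]
    while OWNER[dst] != hops[-1]:
        hops.append(OWNER[next_hop(tables[hops[-1]], dst)])
        if len(hops) > 8:
            raise RuntimeError("routing loop")
    return hops

def asa_view(pc_routes):
    """(ASA sees PC->server, ASA sees server->PC) for a given PC routing table."""
    tables = dict(BASE, pc=pc_routes)
    return ("asa" in path(tables, "pc", SERVER),
            "asa" in path(tables, "server", PC))

if __name__ == "__main__":
    for name, routes in (("default gw only", PC_DEFAULT), ("static route", PC_STATIC)):
        fwd, ret = asa_view(routes)
        state = "asymmetric: ASA sees half the flow" if fwd != ret else "symmetric"
        print(f"{name}: forward via ASA={fwd}, return via ASA={ret} -> {state}")
```

With only the default gateway the forward packets hairpin through the ASA while replies return directly from the router; with the static route on the client neither direction touches the ASA.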
