ICMP Using Cisco Configuration Professional

rkulik512 · ‎09-06-2012

I am trying to set up the router (881) using Cisco Configuration Professional, to allow ping reply's..I can not for the life of me figure it out. Any ideas greatly appreciated..

Marvin Rhoads · ‎09-07-2012

By default the router will respond to pings.

Do you have IOS zone-based firewall turned on by chance? If so, I can reply with what you'd need to allow ping replies.

rkulik512 · ‎09-07-2012

yes it is using IOS zone

Marvin Rhoads · ‎09-08-2012

You need to add icmp to the allowed traffic from "self to out-zone" (out-zone being the external interface. In the CCP GUI it will look something like this:

That translates to CLI configuration lines similar to the following (only directly relevant commands included here):

class-map type inspect match-any ccp-cls-icmp-access

match protocol icmp

match protocol tcp

match protocol udp

policy-map type inspect ccp-permit-icmpreply

class type inspect ccp-icmp-access

inspect

class class-default

pass

zone-pair security ccp-zp-self-out source self destination out-zone

service-policy type inspect ccp-permit-icmpreply

interface GigabitEthernet0/1

description $FW_OUTSIDE$

zone-member security out-zone

rkulik512 · ‎09-10-2012

hmmm thats what I have....any thoughts??