09-06-2012 07:46 PM
I am trying to set up the router (881) using Cisco Configuration Professional, to allow ping reply's..I can not for the life of me figure it out. Any ideas greatly appreciated..
09-07-2012 12:53 PM
By default the router will respond to pings.
Do you have IOS zone-based firewall turned on by chance? If so, I can reply with what you'd need to allow ping replies.
09-07-2012 03:48 PM
yes it is using IOS zone
09-08-2012 08:00 AM
You need to add icmp to the allowed traffic from "self to out-zone" (out-zone being the external interface. In the CCP GUI it will look something like this:
That translates to CLI configuration lines similar to the following (only directly relevant commands included here):
class-map type inspect match-any ccp-cls-icmp-access
match protocol icmp
match protocol tcp
match protocol udp
policy-map type inspect ccp-permit-icmpreply
class type inspect ccp-icmp-access
inspect
class class-default
pass
zone-pair security ccp-zp-self-out source self destination out-zone
service-policy type inspect ccp-permit-icmpreply
interface GigabitEthernet0/1
description $FW_OUTSIDE$
zone-member security out-zone
09-10-2012 10:31 PM
hmmm thats what I have....any thoughts??
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide