Re: ASA 5515-X Denied IMCP type=8, code=0 problem

jkay18041 · ‎04-24-2020

I have an ASA that I keep getting this error in the ASDM Syslog messages which I need to fix to troubleshoot a device.

Severity 3 Syslog ID 313001 Denied ICMP type=8, code=0 from 10.21.1.100 on interface Work_interfaces

I am a rule that permits ICMP on that interface, so I'm not sure why it's getting blocked.

Jeff Horton · ‎04-24-2020

Found this and you may have too.. My suggestion without knowing the ACL is to move your permit up to the top of the list for that interface and see if that helps.. Just do this through ASDM and it will be easier. Click on the line with the permit and then click on the up arrow. It needs to be above any "deny any any" rule.

Hope this helps.

313001

Error Message %ASA-3-313001: Denied ICMP type=number , code=code from IP_address on interface interface_name

Explanation When using the icmp command with an access list, if the first matched entry is a permit entry, the ICMP packet continues processing. If the first matched entry is a deny entry, or an entry is not matched, the ASA discards the ICMP packet and generates this message. The icmp command enables or disables pinging to an interface. With pinging disabled, the ASA cannot be detected on the network. This feature is also referred to as configurable proxy pinging.

Recommended Action Contact the administrator of the peer device.

jkay18041 · ‎04-24-2020

So I have the permit any any rule for icmp at the top.

Not sure if this matters or not but this is traffic over a ipsec site to site vpn.

Thank you

balaji.bandi · ‎04-24-2020

Can you post the configuraiton of ACL to Look.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

torwals · ‎09-24-2024

Was this problem ever solved @jkay18041?

MHM Cisco World · ‎09-24-2024

Make new post it better

MHM