Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
572
Views
0
Helpful
1
Replies

icmp deny any outside

estelamathew
Level 2
Level 2

‎03-30-2011 01:12 PM - edited ‎03-11-2019 01:14 PM

Hello Dears,

When i apply this command icmp deny any outside it is blocking everything from outside even though tcp and udp  why ???,

I have a permit access-list for my DMZ servers on TCP and UDP  but they are blocked once i apply the icmp deny any outside command.

Thanks

Labels:
0 Helpful
1 Reply 1

Shrikant Sundaresh
Cisco Employee
Cisco Employee

‎03-30-2011 02:02 PM

Hi Estela,

Could you please apply captures on the outside interface and see if traffic is actually reaching the ASA?

I am just wondering(very unlikely) if the device connected on the outside of the ASA, is using icmp to determine if ASA is available.

Secondly if you do a packet-tracer command for one of the DMZ servers, it would clarify what  the problem is:

packet-tracer input outside tcp 4.2.2.2 4222 det

Assuming, "outside" is the name of your outside interface, and the server you are testing connectivity to, provides a tcp service.

If any of the phases in the resulting output, show a "drop", that would point to where the issue is.

In case you need any help with the output, then please attach a sanitized config, and the output of the packet tracer command as well.

-Shrikant

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card