07-20-2015 05:49 AM - edited 03-08-2019 01:02 AM
I have an application where I need a small router that can be configured to route ping echo requests (protocol ICMP major code 8) from the WAN side to a device on the LAN side. Please note that the ICMP protocol does not have port numbers, so port forwarding will not work. Can I ge some suggestions on router that can handle this?
07-20-2015 12:21 PM
Hello dschlic1,
Please contact a local reseller for help in determining which Cisco product would be best in your environment.
If you have additional support questions, or would like to speak with a pre-sales team please go here [ http://www.cisco.com/cisco/web/solutions/small_business/small_business_support_and_resources.html ]for additional information..
07-20-2015 01:00 PM
Unfortunately I have been down that path. This is such a specialized issue, normal sales reps don't even know what I am talking about. For that reason I am trying get an answer via a technical channel. Cisco does not make that easy.
07-20-2015 02:21 PM
On an ASA I think you can accomplish this. When I put in a syntax to allow icmp I get these options:
" access-list outside extended permit icmp any any ?"
configure mode commands/options:
<0-255> Enter ICMP type number (0 - 255)
alternate-address
conversion-error
echo
echo-reply
inactive Keyword for disabling an ACL element
information-reply
information-request
log Keyword for enabling log option on this ACL element
mask-reply
mask-request
mobile-redirect
object-group ICMP object-group for destination port
parameter-problem
redirect
router-advertisement
router-solicitation
source-quench
time-exceeded
time-range Keyword for attaching time-range option to this ACL
element
timestamp-reply
timestamp-request
traceroute
unreachable
<cr>
"access-list outside extended permit icmp any any 8" is a valid syntax and should work.
You would still need to Nat it so it can then forward to the device on the inside.
08-20-2015 01:32 AM
What device do you currently have as your internet firewall? Tell us a bit more about your setup.
08-21-2015 05:45 AM
You need to do some destination natting since you're most likely using private IP space in your lan.
But that would push everything on that external ip to that internal host.
May I ask what you try to accomplish? There might be some other solution.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide