cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Join Customer Connection to register!
198
Views
0
Helpful
5
Replies
dschlic1
Beginner

Small route that can route ping echo requests

I have an application where I need a small router that can be configured to route ping echo requests (protocol ICMP major code 8) from the WAN side to a device on the LAN side. Please note that the ICMP protocol does not have port numbers, so port forwarding will not work. Can I ge some suggestions on router that can handle this?

5 REPLIES 5
Glenn Martin
Cisco Employee

Hello dschlic1,

Please contact a local reseller for help in determining which Cisco product would be best in your environment.

 

If you have additional support questions, or would like to speak with a pre-sales team please go here [ http://www.cisco.com/cisco/web/solutions/small_business/small_business_support_and_resources.html ]for additional information.. 

 

Unfortunately I have been down that path. This is such a specialized issue, normal sales reps don't even know what I am talking about. For that reason I am trying get an answer via a technical channel. Cisco does not make that easy.

On an ASA I think you can accomplish this.  When I put in a syntax to allow icmp I get these options:

" access-list outside extended permit icmp any any ?"

configure mode commands/options:
  <0-255>               Enter ICMP type number (0 - 255)
  alternate-address
  conversion-error
  echo
  echo-reply
  inactive              Keyword for disabling an ACL element
  information-reply
  information-request
  log                   Keyword for enabling log option on this ACL element
  mask-reply
  mask-request
  mobile-redirect
  object-group          ICMP object-group for destination port
  parameter-problem
  redirect
  router-advertisement
  router-solicitation
  source-quench
  time-exceeded
  time-range            Keyword for attaching time-range option to this ACL
                        element
  timestamp-reply
  timestamp-request
  traceroute
  unreachable
  <cr>

"access-list outside extended permit icmp any any 8" is a valid syntax and should work.

 

You would still need to Nat it so it can then forward to the device on the inside.

Robert Hillcoat
Beginner

What device  do you currently have as your internet firewall? Tell us a bit more about your setup. 

Marcel van Dorp
Beginner

You need to do some destination natting since you're most likely using private IP space in your lan.

But that would push everything on that external ip to that internal host.

 

May I ask what you try to accomplish? There might be some other solution.