Hello,Im trying to find the safest option (or alternative) to allow Icmp back into my network from the DMZ in order to troubleshoot. I know its incredibly unsafe to allow ICMP in case the DMZ gets compromised. Requirements need me to alow ICMP retur...
I currently am trying to set up an ACL to allow only type 11 ICMP messages back through the outside interface of our ASA using specific hosts and destination addresses. Currently I have two object groups set up with internal address (object group 1)...
I currently am trying to set up an ACL to allow only type 11 ICMP messages back through the outside interface of our ASA using specific hosts and destination addresses. Currently I have two object groups set up with internal address (object group 1)...
"access-list acl_dmz extended permit icmp object-group DMZhosts object-group Internal-Network time-exceeded" would work then assuming I just wanted to perform troubleshooting by running traceroutes from the internal networks. Another question I wou...
