Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Hello,Im trying to find the safest option (or alternative) to allow Icmp back into my network from the DMZ in order to troubleshoot. I know its incredibly unsafe to allow ICMP in case the DMZ gets compromised. Requirements need me to alow ICMP retur...
I currently am trying to set up an ACL to allow only type 11 ICMP messages back through the outside interface of our ASA using specific hosts and destination addresses. Currently I have two object groups set up with internal address (object group 1)...
I currently am trying to set up an ACL to allow only type 11 ICMP messages back through the outside interface of our ASA using specific hosts and destination addresses. Currently I have two object groups set up with internal address (object group 1)...
"access-list acl_dmz extended permit icmp object-group DMZhosts object-group Internal-Network time-exceeded" would work then assuming I just wanted to perform troubleshooting by running traceroutes from the internal networks. Another question I wou...
