To make inside hosts visible to outside hosts, use the following:
access-list OUTSIDE-IN extended permit icmp any any echo
The following lines make inside hosts visible to the outside using traceroute:
access-list OUTSIDE-IN extended permit icmp any any echo-reply
access-list OUTSIDE-IN extended permit icmp any any source-quench
access-list OUTSIDE-IN extended permit icmp any any time-exceeded
The service policy on the firewall also needs to be updated to inspect ICMP traffic:
policy-map global_policy
 class inspection_default
  set connection decrement-ttl
  inspect icmp
  inspect icmp error
Add the access list to an access-group:
access-group OUTSIDE-IN in interface outside
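To review what this configuration exposes, the following added example (not part of the original post) is a small Python check that lists every ICMP type an interface-bound ACL accepts from an unrestricted source. The function names and constants are assumptions made for illustration, and the sample input is constructed from the lines above.

```python
import re

# Constructed sample: the ACL and access-group lines from this page.
SAMPLE_CONFIG = """\
access-list OUTSIDE-IN extended permit icmp any any echo
access-list OUTSIDE-IN extended permit icmp any any echo-reply
access-list OUTSIDE-IN extended permit icmp any any source-quench
access-list OUTSIDE-IN extended permit icmp any any time-exceeded
access-group OUTSIDE-IN in interface outside
"""

ANY = {"any", "any4", "any6"}
NOT_A_TYPE = {"log", "inactive", "time-range"}  # options that may follow dst


def take_address(tokens):
    """Consume one address spec; return (spec, remaining tokens)."""
    if tokens[0] in ANY or "/" in tokens[0]:  # any*, or IPv6 prefix/len
        return tokens[0], tokens[1:]
    # "host A", "object X", "object-group X" or "A MASK": two tokens
    return " ".join(tokens[:2]), tokens[2:]


def audit_icmp(config):
    """Return (interface, acl, icmp_type, dst) for each 'permit icmp' rule
    whose source is unrestricted, in ACLs applied inbound to an interface."""
    # ACL name -> interface, taken from the access-group lines
    bound = dict(re.findall(r"^access-group (\S+) in interface (\S+)",
                            config, re.M))
    findings = []
    for line in config.splitlines():
        t = line.split()
        if len(t) < 7 or t[0] != "access-list":
            continue
        if t[2:5] != ["extended", "permit", "icmp"] or t[1] not in bound:
            continue  # not an ICMP permit, or ACL not applied anywhere
        src, rest = take_address(t[5:])
        if not rest:
            continue  # malformed line: no destination
        dst, rest = take_address(rest)
        if src in ANY:
            # A rule with no type keyword matches every ICMP type
            has_type = bool(rest) and rest[0] not in NOT_A_TYPE
            findings.append((bound[t[1]], t[1],
                             rest[0] if has_type else "all-types", dst))
    return findings


if __name__ == "__main__":
    for iface, acl, icmp_type, dst in audit_icmp(SAMPLE_CONFIG):
        print(f"{iface}: {acl} permits icmp {icmp_type} from any to {dst}")
```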