icmp fixup…

the asa defaults to not allow icmp for good reason, but in the lab, that’s bad… change it in the MPF (modular policy framework)

ciscoasa(config)# sh run policy?

exec mode commands/options:
policy-map
ciscoasa(config)# sh run policy-map
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp

note the lack of inspect icmp…

and the ping will fail which plays hell with testing…

fixup protocol icmp is a quick fix for that on the asa…

ciscoasa(config)# fixup protocol icmp
INFO: converting ‘fixup protocol icmp ‘ to MPF commands
ciscoasa(config)# sh run policy-map
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect icmp

it’s now added to the list and the ping will work…
note before and after below…

pingworks