I understand traceroute uses ICMP TTL field & ping generally uses echo-request and echo-reply.
- I am wondering if traceroute and ping would still work if I did not permit an 'icmp any any' rule or similar ICMP-related rule in the access list but permitted an 'ip any any' rule. I ask because I notice this happening in some devices, though I can't understand the rationale for this.
- I have been told traceroute & ping do not work when they are initiated from one interface of an ASA firewall & the packet crosses over & passes through another interface of the firewall (even if a 'permit icmp any any' rule is there in this case). What is the rationale behind this behaviour?