Cisco ACE-4710-K9 Administration Manual page 88

Application control engine appliance

Chapter 2
Enabling Remote Access to the ACE
Enabling ICMP Messages to the ACE
See the "Configuring Remote Network Management Traffic Services" section for details on configuring a network management class map, policy map, and service policy for the ACE.
To allow ICMP messages to pass through the ACE, configure an ICMP ACL to
permit or deny network connections based on the ICMP type (for example, echo,
echo-reply, or unreachable). See the Cisco 4700 Series Application Control
Engine Appliance Security Configuration Guide for details.
Note
If you want only to allow the ACE to ping a host (and allow the echo reply back
to the interface), but not allow hosts to ping the ACE, enable the ICMP application
protocol inspection function instead of defining a class map and policy map. See
the Cisco 4700 Series Application Control Engine Appliance Security
Configuration Guide for details.
For example, to allow the ACE to receive ICMP pings, enter the following
commands:
host1/Admin(config)# class-map type management match-all ICMP-ALLOW_CLASS
host1/Admin(config-cmap-mgmt)# description Allow ICMP packets
host1/Admin(config-cmap-mgmt)# match protocol icmp source-address 172.16.10.0 255.255.255.254
host1/Admin(config-cmap-mgmt)# exit
host1/Admin(config)# policy-map type management first-action ICMP_ALLOW_POLICY
host1/Admin(config-pmap-mgmt)# class ICMP-ALLOW_CLASS
host1/Admin(config-pmap-mgmt-c)# permit
host1/Admin(config-pmap-mgmt-c)# exit
host1/Admin(config-pmap-mgmt)# exit
host1/Admin(config)# interface vlan 50
host1/Admin(config-if)# ip address 172.16.1.100 255.255.0.0
host1/Admin(config-if)# service-policy input ICMP_ALLOW_POLICY
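
The following Python script is an added example, not part of the Cisco guide. It resolves the service policy applied to each interface back to its policy map and class map, then reports the source network each match statement admits and how many addresses the mask covers. The input is the class-map, policy-map, and service-policy commands from the example above with wrapped lines rejoined; reporting an unrestricted `any` match as 0.0.0.0/0 is an assumption of this example.

```python
import ipaddress
import re

# Constructed input: the page's policy commands, wrapped lines rejoined.
SESSION = """\
host1/Admin(config)# class-map type management match-all ICMP-ALLOW_CLASS
host1/Admin(config-cmap-mgmt)# match protocol icmp source-address 172.16.10.0 255.255.255.254
host1/Admin(config)# policy-map type management first-action ICMP_ALLOW_POLICY
host1/Admin(config-pmap-mgmt)# class ICMP-ALLOW_CLASS
host1/Admin(config-pmap-mgmt-c)# permit
host1/Admin(config)# interface vlan 50
host1/Admin(config-if)# service-policy input ICMP_ALLOW_POLICY
"""

def audit(session):
    """Resolve interface -> policy map -> class map; return one row per source rule."""
    classes, policies, applied = {}, {}, []
    cmap = pmap = cls = iface = None
    for raw in session.splitlines():
        w = re.sub(r"^\S+#\s*", "", raw.strip()).split()  # drop the CLI prompt
        if w[:3] == ["class-map", "type", "management"]:
            cmap = w[-1]
            classes[cmap] = []
        elif w[:2] == ["match", "protocol"] and cmap:
            # Assumption: an unrestricted "any" match is reported as 0.0.0.0/0.
            net = "0.0.0.0/0" if w[3] == "any" else f"{w[4]}/{w[5]}"
            classes[cmap].append((w[2], ipaddress.ip_network(net, strict=False)))
        elif w[:3] == ["policy-map", "type", "management"]:
            pmap = w[-1]
            policies[pmap] = []
        elif w[:1] == ["class"] and pmap:
            cls = w[1]
        elif w[:1] in (["permit"], ["deny"]) and cls:
            policies[pmap].append((cls, w[0]))
        elif w[:1] == ["interface"]:
            iface = " ".join(w[1:])
        elif w[:2] == ["service-policy", "input"]:
            applied.append((iface, w[2]))
    rows = []
    for iface, pol in applied:
        if pol not in policies:
            raise ValueError(f"{iface}: service-policy names unknown policy map {pol}")
        for cls, action in policies[pol]:
            if cls not in classes:
                raise ValueError(f"{pol}: class {cls} has no matching class map")
            rows += [(iface, p, str(n), n.num_addresses, action) for p, n in classes[cls]]
    return rows

if __name__ == "__main__":
    print(*audit(SESSION), sep="\n")
```

For the page's example this reports that the mask 255.255.255.254 admits two source addresses. The name checks matter here because the example mixes hyphens and underscores in its class-map and policy-map names.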
Cisco 4700 Series Application Control Engine Appliance Administration Guide
2-20
OL-11157-01

This manual is also suitable for:

4700 series