The "IP" in ASA

trojan81 used Ask the Experts™
Hi experts,

When you specify "IP" in an ACL, it covers all TCP and UDP traffic..but does it also cover all ICMP?
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Top Expert 2011
ICMP is part of the TCP/IP stack. When you create an ACL based only on an IP, it applies to all protocols/ports.
Ernie BeekSenior infrastructure engineer
Top Expert 2012
As said before: yes.
ICMP is a separate protocol on top of IP, just like TCP and UDP. So if you define IP in a list it also covers all the protocols on top of that (about 255). Just Google for 'ip protocol numbers'.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial