Cisco 4700M Configuration Manual page 39

Application control engine appliance security

Chapter 1
Configuring Security Access Control Lists
Configuring ACLs
Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide
OL-16202-01

Table 1-5 ICMP Types (continued)

ICMP Code Number    ICMP Type
31                  conversion-error
32                  mobile-redirect

code—(Optional) Specifies that a numeric operator and ICMP code follows.
operator—Operator that the ACE applies to the ICMP code that follows. Enter one of the following operators:
    lt—Less than.
    gt—Greater than.
    eq—Equal to.
    neq—Not equal to.
    range—Inclusive range of ICMP code values. When you use this operator, specify two code numbers to define the range.
code1, code2—ICMP code number that corresponds to an ICMP type. See Table 1-5. If you entered the range operator, enter a second ICMP code value to define the upper limit of the range.

To control a ping, specify echo (8) (host to ACE).

Note
For security reasons, the ACE does not allow pings from an interface on a VLAN on one side of the ACE through the appliance to an interface on a different VLAN on the other side of the appliance. For example, a host can ping the ACE address that is on the IP subnet using the same VLAN as the host but cannot ping IP addresses configured on other VLANs on the ACE.

For example, to configure a TCP extended ACL, enter:
host1/Admin(config)# access-list INBOUND line 10 extended permit tcp 192.168.12.0 255.255.255.0 gt 1024 172.27.16.0 255.255.255.0 lt 4000

For example, to remove an entry from an extended ACL, enter:
host1/Admin(config)# no access-list INBOUND line 10
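To audit what the TCP entry on this page actually admits at its port boundaries, the following added example (not part of the Cisco guide, and not ACE code) models the entry in Python. The helper names parse_entry and matches are hypothetical. It parses only the network/netmask form shown here and assumes the operators behave on port values as their descriptions read: lt and gt strict, range inclusive.

```python
import ipaddress

# Operators as the page lists them; "range" is inclusive and takes two values.
OPS = {
    "lt": lambda v, a, b: v < a,
    "gt": lambda v, a, b: v > a,
    "eq": lambda v, a, b: v == a,
    "neq": lambda v, a, b: v != a,
    "range": lambda v, a, b: a <= v <= b,
}

# The TCP entry from the page, without the CLI prompt.
PAGE_ENTRY = ("access-list INBOUND line 10 extended permit tcp "
              "192.168.12.0 255.255.255.0 gt 1024 172.27.16.0 255.255.255.0 lt 4000")

def _endpoint(tokens):
    """Consume 'network netmask [operator n1 [n2]]' from the front of tokens."""
    addr, mask = tokens.pop(0), tokens.pop(0)
    net = ipaddress.ip_network(f"{addr}/{mask}")
    op = a = b = None
    if tokens and tokens[0] in OPS:
        op, a = tokens.pop(0), int(tokens.pop(0))
        b = int(tokens.pop(0)) if op == "range" else None
    return net, op, a, b

def parse_entry(line):
    """Parse only the 'extended permit|deny tcp <src> <dst>' form shown on this page."""
    t = line.split(" extended ", 1)[-1].split()
    action, proto = t.pop(0), t.pop(0)
    if action not in ("permit", "deny") or proto != "tcp":
        raise ValueError("unsupported entry form")
    src, dst = _endpoint(t), _endpoint(t)
    if t:
        raise ValueError(f"unparsed tokens: {t}")
    return {"action": action, "src": src, "dst": dst}

def _hit(endpoint, ip, port):
    net, op, a, b = endpoint
    return ipaddress.ip_address(ip) in net and (op is None or OPS[op](port, a, b))

def matches(entry, src_ip, sport, dst_ip, dport):
    """True when a packet's addresses and ports satisfy both ends of the entry."""
    return _hit(entry["src"], src_ip, sport) and _hit(entry["dst"], dst_ip, dport)

if __name__ == "__main__":
    entry = parse_entry(PAGE_ENTRY)
    for sport, dport in [(1025, 3999), (1024, 3999), (1025, 4000)]:  # constructed ports
        hit = matches(entry, "192.168.12.5", sport, "172.27.16.9", dport)
        print(sport, dport, entry["action"] if hit else "no match")
```

The boundary cases are the point: source port 1024 and destination port 4000 fall outside the entry, so a rule meant to cover them needs different operands or the range operator.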
