Enabling ICMP Messages to the ACE - Cisco 4700M Administration Manual

Application control engine appliance

Cisco 4700 Series Application Control Engine Appliance Administration Guide, OL-20823-01
Chapter 2: Enabling Remote Access to the ACE

Detailed Steps

Step 1
Command: show {ssh session-info | telnet}
Example: host1/Admin# show ssh session-info
Purpose: (Optional) Displays the session information, including the session ID, of all current SSH or Telnet sessions.
The keywords are as follows:
- ssh session-info—Displays SSH session information.
- telnet—Displays Telnet session information.

Step 2
Command: clear {ssh | telnet} session_id
Example: host1/Admin# clear ssh 345
Purpose: Terminates a current SSH or Telnet session depending on which command you enter.
The argument and keywords are as follows:
- ssh—Selects an SSH session type.
- telnet—Selects a Telnet session type.
- session_id—Specifies the identifier of the SSH or Telnet session to disconnect.

Enabling ICMP Messages to the ACE

This section describes how to enable ICMP messages on the ACE. By default, the ACE does not allow ICMP messages to be received by an ACE interface or to pass through the ACE interface. ICMP is an important tool for testing your network connectivity; however, network hackers can also use ICMP to attack the ACE or your network. We recommend that you allow ICMP during your initial testing, but then disallow it during normal operation.

To permit or deny address(es) to reach an ACE interface with ICMP messages, either from a host to the ACE, or from the ACE to a host which requires the ICMP reply to be allowed back, configure one of the following:
- Class map to provide the ICMP network traffic match criteria for the ACE.
- Policy map to enable ICMP network management access to and from the ACE.
- Service policy to activate the policy map, attach the traffic policy to an interface or globally on all interfaces, and specify the direction in which the policy should be applied.

See the "Configuring Remote Network Management Traffic Services" section for details on configuring a network management class map, policy map, and service policy for the ACE.

To allow ICMP messages to pass through the ACE, configure an ICMP ACL to permit or deny network connections based on the ICMP type (for example, echo, echo-reply, or unreachable). See the Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide for details.

Note: If you want only to allow the ACE to ping a host (and allow the echo reply back to the interface), but not allow hosts to ping the ACE, enable the ICMP application protocol inspection function instead of defining a class map and policy map. See the Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide for details.
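An added example, not from the Cisco manual: a short Python audit that follows the class map, policy map, and service policy chain described above and reports where ICMP to the ACE is still permitted, useful for confirming that ICMP was disallowed again after initial testing. The sample configuration is constructed, its statement forms are assumed to follow the ACE CLI, and the function name icmp_exposure is hypothetical.

```python
import re

# Constructed sample running-config, not from the manual; statement forms assume ACE CLI syntax.
SAMPLE_CONFIG = """\
class-map type management match-any ICMP_TEST
  2 match protocol icmp any
class-map type management match-any REMOTE_MGMT
  2 match protocol ssh source-address 192.168.10.0 255.255.255.0
policy-map type management first-match MGMT_POLICY
  class ICMP_TEST
    permit
  class REMOTE_MGMT
    permit
policy-map type management first-match LOCKED_POLICY
  class ICMP_TEST
    deny
interface vlan 50
  service-policy input MGMT_POLICY
interface vlan 60
  service-policy input LOCKED_POLICY
"""

def icmp_exposure(config):
    """Return (attach point, policy map, class map, source) for each permitted ICMP match."""
    icmp_sources, permits, attached = {}, {}, []
    section = name = cls = None
    where = "global"
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not raw[0].isspace():  # a top-level line opens a new block
            section = name = cls = None
            where = line if line.startswith("interface ") else "global"
            if m := re.match(r"(class-map|policy-map) type management \S+ (\S+)$", line):
                section, name = m.groups()
        if m := re.match(r"service-policy input (\S+)$", line):
            attached.append((where, m.group(1)))  # policy map activated here
        elif section == "class-map":
            if m := re.match(r"(?:\d+ )?match protocol icmp (.+)$", line):
                icmp_sources.setdefault(name, []).append(m.group(1))
        elif section == "policy-map":
            if line.startswith("class "):
                cls = line.split()[1]
            elif line == "permit" and cls:
                permits.setdefault(name, []).append(cls)
    # A finding needs all three pieces: ICMP class map, permit in a policy map, active service policy.
    return [(w, p, c, s) for w, p in attached
            for c in permits.get(p, []) for s in icmp_sources.get(c, [])]
```

Calling icmp_exposure(SAMPLE_CONFIG) reports only the vlan 50 attachment, because LOCKED_POLICY denies the same ICMP class; an empty result means no active management policy admits ICMP to the appliance.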
