Hi Pemasiri,
By having inspect icmp configured in your ASA, you are instructing it to
fast switch all the ICMP packets besides creating the statefull object to
allow the return trafffic.
Now, it depends upon the volume of ICMP traffic passing through your
firewall and the hardware resource capability of the ASA to handle that
traffic, because for every icmp request through the ASA will create a new
entry in your connection table.
If the ICMP sessions exceed the number of connections an ASA can handle then
the traffic can severely affect the performance of the ASA.
HTH!
On Tue, Feb 15, 2011 at 12:00 AM, Pemasiri Devanarayana
<pemasiri_at_gmail.com>wrote:
> Hi,
>
> I just want some one to confirm that, if we use inspect icmp on ASA just
> for
> troubleshooting purpose and by mistake if we leave them with the running
> configuration, will it considered as unnecessary configuration and will I
> loose marks on ASA part.?
>
> thanks
> Pemasiri
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
>
-- Thanks and Regards, Waseemullah Memon Blogs and organic groups at http://www.ccie.netReceived on Tue Feb 15 2011 - 08:08:43 ART
This archive was generated by hypermail 2.2.0 : Tue Mar 01 2011 - 07:01:50 ART