Re: General Question on ICMP on ASA during the lab

>>>>the traffic can severely affect the performance of the ASA.<<<

Hi think Pemasiri is talking about lab environment - not a production.
I don't see any reason why that would be a problem Pemasiri in the lab as
that is the best way to evaluate lab for cisco.

On Tue, Feb 15, 2011 at 3:08 PM, waseemullah memon <waseela.mem_at_gmail.com>wrote:

> Hi Pemasiri,
>
> By having inspect icmp configured in your ASA, you are instructing it to
> fast switch all the ICMP packets besides creating the statefull object to
> allow the return trafffic.
>
> Now, it depends upon the volume of ICMP traffic passing through your
> firewall and the hardware resource capability of the ASA to handle that
> traffic, because for every icmp request through the ASA will create a new
> entry in your connection table.
>
> If the ICMP sessions exceed the number of connections an ASA can handle
> then
> the traffic can severely affect the performance of the ASA.
>
> HTH!
>
>
> On Tue, Feb 15, 2011 at 12:00 AM, Pemasiri Devanarayana
> <pemasiri_at_gmail.com>wrote:
>
> > Hi,
> >
> > I just want some one to confirm that, if we use inspect icmp on ASA just
> > for
> > troubleshooting purpose and by mistake if we leave them with the running
> > configuration, will it considered as unnecessary configuration and will I
> > loose marks on ASA part.?
> >
> > thanks
> > Pemasiri
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
> >
> >
> >
> >
> >
> >
> >
>
>
> --
> Thanks and Regards,
> Waseemullah Memon
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Tue Feb 15 2011 - 15:49:16 ART