Cisco Systems OL-16647-01 Network Router User Manual


Cisco ASDM User Guide
OL-16647-01
Chapter 16 Configuring Management Access
Configuring ICMP Access
To define an FTP mount point, perform the following steps:
Step 1 From the Configuration > Device Management > Management Access > File Access > Mount-Points pane, click Add > FTP Mount Point.
The Add FTP Mount Point dialog box appears.
Step 2 Check the Enable check box.
This option attaches the FTP file system on the security appliance to the UNIX file tree.
Step 3 In the Mount Point Name field, add the name of an existing FTP location.
Step 4 In the Server Name or IP Address field, add the name or IP address of the server where the mount point is located.
Step 5 In the Mode field, click the radio button for the FTP mode (Active or Passive). When you choose Passive mode, the client initiates both the FTP control connection and data connection. The server responds with the number of its listening port for this connection.
Step 6 In the Path to Mount field, add the directory path name to the FTP file server.
Step 7 In the User Name field, add the name of the user authorized for file system mounting on the server.
Step 8 In the Password field, add the password for the user authorized for file system mounting on the server.
Step 9 In the Confirm Password field, add the password again.
Step 10 Click OK.
The dialog box closes.
Step 11 Click Apply.
The mount point is added to the security appliance and the change is saved to the running configuration.
Configuring ICMP Access
By default, you can send ICMP packets to any security appliance interface. However, by default, the security appliance does not respond to ICMP echo requests directed to a broadcast address. You can protect the security appliance from attacks by limiting the addresses of hosts and networks that are allowed to have ICMP access to the security appliance.
Note: For allowing ICMP traffic through the security appliance, see the “Configuring Access Rules” section on page 20-7.
We recommend that you always grant permission for the ICMP unreachable message type (type 3). Denying ICMP unreachable messages disables ICMP Path MTU discovery, which can halt IPSec and PPTP traffic. See RFC 1195 and RFC 1435 for details about Path MTU Discovery.
If you configure ICMP rules, the security appliance applies the first rule that matches the ICMP traffic, followed by an implicit deny all. That is, if the first matched entry is a permit entry, the ICMP packet continues to be processed. If the first matched entry is a deny entry, or if no entry matches, the security appliance discards the ICMP packet and generates a syslog message. The exception is when no ICMP rule is configured; in that case, a permit statement is assumed.
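The following added example is not part of the Cisco guide. It models the first-match evaluation described above and reports which sources would have their type 3 (unreachable) messages discarded by a given rule set. The rule tuple layout, the function names and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress

UNREACHABLE = 3  # ICMP type 3, needed for Path MTU discovery

def evaluate(rules, src, icmp_type):
    """Decide the fate of an ICMP packet addressed to an appliance interface.

    rules: ordered list of (action, source_network, icmp_type_or_None);
    None matches every ICMP type. This tuple layout is an assumption made
    for the example, not an ASDM or appliance format.
    """
    if not rules:
        return "permit"  # no ICMP rule configured: a permit is assumed
    addr = ipaddress.ip_address(src)
    for action, network, rule_type in rules:
        if addr in ipaddress.ip_network(network) and rule_type in (None, icmp_type):
            return action  # first match wins; later entries are never consulted
    return "deny"  # implicit deny all (the appliance also logs a syslog message)

def unreachable_blocked(rules, sources):
    """Return the sample sources whose type 3 messages the rule set discards."""
    return [s for s in sources if evaluate(rules, s, UNREACHABLE) == "deny"]

# Constructed sample data (documentation/private address ranges).
SOURCES = ["10.1.1.5", "192.0.2.9"]
ECHO_ONLY = [("permit", "10.1.1.0/24", 8)]
WITH_UNREACHABLE = [("permit", "0.0.0.0/0", UNREACHABLE), ("permit", "10.1.1.0/24", 8)]
DENY_FIRST = [("deny", "10.1.1.0/24", None), ("permit", "0.0.0.0/0", UNREACHABLE)]

if __name__ == "__main__":
    for name, rules in [("no rules", []), ("echo only", ECHO_ONLY),
                        ("with unreachable", WITH_UNREACHABLE),
                        ("deny first", DENY_FIRST)]:
        print(f"{name}: type 3 discarded from {unreachable_blocked(rules, SOURCES)}")
```

The "echo only" case shows how a single permit rule for echo requests silently drops unreachable messages from every source through the implicit deny, and the "deny first" case shows that rule order decides the outcome.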