When filtering ICMP packets by type and code, the generated rules do not include the icmp code.
Example: I have defined a service named ICMP packet too big with type=3 and code=4
The resulting rule for an IOS ACL line is as follows. As you can see the code is missing.
ip access-list extended vlan17_in
! Rule 0 (global)
! enable path MTU, allow icmp packet too big (ICMP type 3, code 4)
permit icmp any any 3 log
Log in to post a comment.