Forbidden - You do not have permission to access this document??

itdaddyitdaddy Senior MemberMember Posts: 2,089 ■■■■□□□□□□
why do I keep on getting this..i cant post anything or any code to my account
why is this happen??????? why wont it take my code?? examples??
and how do yu put this in quotes I have tried using
but it doesnt work for me what is up?thanks

Comments

  • cisco_troopercisco_trooper Too many Member Posts: 1,442 ■■■■□□□□□□
    Do a show run icmp:
    FW1# show run icmp
    icmp unreachable rate-limit 1 burst-size 1
    icmp permit any Outside
    icmp permit any DMZ
    icmp permit any Inside
    

    If you have any icmp permit statements like you see above then you'll want to look into those. You don't have to allow or deny ICMP using the ACL attached to your outside interface. If you have both statements I do NOT know which one will prevail or how they will affect each other.
  • itdaddyitdaddy Senior Member Member Posts: 2,089 ■■■■□□□□□□
    You are the man cisco_trooper the man!
    no wonder they call you cisco_trooper

    this is what i did and it works just like you said:
    I did have to make and ACL permit any any icmp then it worked.
    but i change my icmp configs to this and it works
    outbound from my lan pings anything and you cannot ping my itdaddy.net no more
    freaking awesome thank you so much I appreciate you and your skills.

    Robert ;)

    asa(config)# sh run icmp
    icmp unreachable rate-limit 1 burst-size 1
    icmp permit any inside
    icmp deny any outside
    asa(config)#
  • AhriakinAhriakin SupremeNetworkOverlord Member Posts: 1,799 ■■■■■■■■□□
    Actually in reference to a few posts you need to understand that nothing is coming from the Outside In unless you specifically allow it. You don't need an ACL entry to deny, you just don't permit it, that's the essence of a stateful firewall.

    Now with ICMP the safest/easiest thing to do is statefully inspect it, this will allow pings/traceroutes to return safely but deny anything not initiated from the inside without the need for specific ACL entries from windows hosts at least, since *nix and Cisco tend to use UDP traceroutes you'll need specific returning ICMP ACEs (echo-reply, unreachable, time-exceeded) as there's no outbound ICMP for the firewall to statefully track. Whatever you do take the permit icmp any any off your outside ACL.

    policy-map global_policy
    class inspection_default
    inspect icmp
    inspect icmp error
    exit
    exit

    ICMP PERMIT/DENY (int) statements refer to the ASA's own interfaces only, not protected hosts.
    We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?
  • cisco_troopercisco_trooper Too many Member Posts: 1,442 ■■■■□□□□□□
    Ahriakin wrote: »
    ICMP PERMIT/DENY (int) statements refer to the ASA's own interfaces only, not protected hosts.

    +1
    This is true and I thought that was what we were doing.
    itdaddy wrote: »
    I am trying to stop pings from coming
    to my asa from public
  • itdaddyitdaddy Senior Member Member Posts: 2,089 ■■■■□□□□□□
    Why do I keep getting this when I post comments and replies help!

    Forbidden
    You do not have permission to access this document.



    Web Server at techexams.net
  • WebmasterWebmaster Admin Posts: 10,292 Admin
    itdaddy wrote: »
    Why do I keep getting this when I post comments and replies help!

    Forbidden
    You do not have permission to access this document.



    Web Server at techexams.net

    Just sent you a PM.
  • itdaddyitdaddy Senior Member Member Posts: 2,089 ■■■■□□□□□□
    webmaster

    got it thankyou i will watch my language ahaha;)
    thanks
    robert;)

    icon_cheers.gif
Sign In or Register to comment.