ICMP and CBAC
Stateful inspection of ICMP protocol was introduced in version 12.2(11)YU, and integrated in IOS version 12.2(15)T. Before this version, to allow the ping, you had to allow the ECHO for the ping request traffic and ECHO-REPLY for ping reply traffic. With the introduction of stateful inspection in the ICMP protocol, static ACL does not have to be created for the ICMP Packet Types shown in Table 5-1.
| ICMP Packet Types | Name | Description |
|---|---|---|
| 0 | Echo Reply | Reply to Echo Request (Type 8) |
| 3 | Destination Unreachable | Possible reply to any request |
| 8 | Echo Request | Ping or traceroute request |
| 11 | Time Exceeded | Reply to any request if the time to live (TTL) packet is 0 |
| 13 | Timestamp Request | Request |
| 14 | Timestamp Reply | Reply to Timestamp Request (type 13) |
A more detailed description of stateful inspection of ICMP protocol can be found at: http://www.cisco.com/en/US/products/sw/iosswrel/ps5012/products_feature_guide09186a0080146558.html