On 23 Jun 2014, at 23:19, Philip Homburg wrote:
Type 1, code 4 is port unreachable. That is triggered by UDP traceroute. It would be better not to filter those packets.
Type 1, code 1 means administratively prohibited. It is best to allow that one as well. Or in general, any destination unreachable ICMP.
Though I don't understand why 'sequence 2020 permit icmp any any destination-unreachable' does accept those packets.
Does or doesn't? (-:

In any case, I figured out that 'destination-unreachable' actually only means type 1, code 3, which would explain a lot. A bit of a confusing name, I guess (even though it makes sense, kinda).

So, I'll just change 'destination-unreachable' (type 1, code 3) to 'unreachable' (type 1, all codes), and it should be good.

-- Joachim
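The effect of the keyword change discussed in this thread, as an added example that is not part of the original messages: a small first-match filter model run over constructed ICMPv6 type 1 headers. The keyword-to-code mapping is taken from the reply above and has not been checked against vendor documentation; the code names follow RFC 4443, and the implicit deny at the end of the ACL is an assumption.

```python
import struct

# ICMPv6 Destination Unreachable (type 1) codes, per RFC 4443 section 3.1
DEST_UNREACH_CODES = {
    0: "no route to destination",
    1: "administratively prohibited",
    2: "beyond scope of source address",
    3: "address unreachable",
    4: "port unreachable",
    5: "source address failed ingress/egress policy",
    6: "reject route to destination",
}

# Keyword semantics as reported in the thread (assumption, not vendor-verified)
KEYWORDS = {
    "destination-unreachable": {(1, 3)},
    "unreachable": {(1, code) for code in DEST_UNREACH_CODES},
}

def parse_icmpv6(payload: bytes):
    """Return (type, code) from the fixed 4-byte ICMPv6 header."""
    if len(payload) < 4:
        raise ValueError("truncated ICMPv6 header")
    icmp_type, code, _checksum = struct.unpack("!BBH", payload[:4])
    return icmp_type, code

def acl_action(acl, payload: bytes) -> str:
    """First-match evaluation; anything unmatched hits an implicit deny (assumed)."""
    msg = parse_icmpv6(payload)
    for action, keyword in acl:
        if msg in KEYWORDS[keyword]:
            return action
    return "deny"

def dropped_codes(acl):
    """List the type 1 codes the ACL would drop, using constructed headers."""
    dropped = []
    for code in sorted(DEST_UNREACH_CODES):
        pkt = struct.pack("!BBHI", 1, code, 0, 0)  # constructed; checksum zeroed
        if acl_action(acl, pkt) == "deny":
            dropped.append(code)
    return dropped

BEFORE = [("permit", "destination-unreachable")]  # rule as originally configured
AFTER = [("permit", "unreachable")]               # rule after the proposed change

if __name__ == "__main__":
    for name, acl in (("before", BEFORE), ("after", AFTER)):
        lost = [f"{c} ({DEST_UNREACH_CODES[c]})" for c in dropped_codes(acl)]
        print(f"{name}: drops {lost or 'nothing'}")
```

Under these assumptions the original rule drops code 4 (the UDP traceroute reply) and code 1, which matches the filtering described in the quoted message.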